From cda775cfae7d8ea91f1c2b7b0ae4775bb013927b Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Thu, 5 Feb 2026 12:34:00 +0100 Subject: [PATCH 1/9] Add prometheusConfig API --- config/v1alpha1/types_cluster_monitoring.go | 564 ++++++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 1391 ++++++++++++++++- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 1391 ++++++++++++++++- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 1391 ++++++++++++++++- config/v1alpha1/zz_generated.deepcopy.go | 226 +++ .../ClusterMonitoringConfig.yaml | 1391 ++++++++++++++++- .../zz_generated.swagger_doc_generated.go | 119 +- .../generated_openapi/zz_generated.openapi.go | 615 +++++++- openapi/openapi.json | 705 ++++----- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 1391 ++++++++++++++++- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 1391 ++++++++++++++++- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 1391 ++++++++++++++++- 12 files changed, 11542 insertions(+), 424 deletions(-) diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 29bf8ba4884..12be65d713f 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -89,6 +89,19 @@ type ClusterMonitoringSpec struct { // The current default value is `DefaultConfig`. // +optional AlertmanagerConfig AlertmanagerConfig `json:"alertmanagerConfig,omitempty,omitzero"` + // prometheusConfig provides configuration options for the default platform Prometheus instance + // that runs in the `openshift-monitoring` namespace. This configuration applies only to the + // platform Prometheus instance; user-workload Prometheus instances are configured separately. + // + // This field allows you to customize how the platform Prometheus is deployed and operated, including: + // - Pod scheduling (node selectors, tolerations, topology spread constraints) + // - Resource allocation (CPU, memory requests/limits) + // - Retention policies (how long metrics are stored) + // - External integrations (remote write, additional alertmanagers) + // + // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + // +optional + PrometheusConfig PrometheusConfig `json:"prometheusConfig,omitempty,omitzero"` // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -250,14 +263,12 @@ type AlertmanagerCustomConfig struct { // +listMapKey=whenUnsatisfiable // +optional TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. // If omitted, the Pod uses ephemeral storage and alert data will not persist // across restarts. - // This field is optional. // +optional - VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` } // AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. @@ -278,19 +289,19 @@ const ( AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" ) -// logLevel defines the verbosity of logs emitted by Alertmanager. +// LogLevel defines the verbosity of logs emitted by Alertmanager. // Valid values are Error, Warn, Info and Debug. // +kubebuilder:validation:Enum=Error;Warn;Info;Debug type LogLevel string const ( - // Error only errors will be logged. + // LogLevelError only errors will be logged. LogLevelError LogLevel = "Error" - // Warn, both warnings and errors will be logged. + // LogLevelWarn, both warnings and errors will be logged. LogLevelWarn LogLevel = "Warn" - // Info, general information, warnings, and errors will all be logged. + // LogLevelInfo, general information, warnings, and errors will all be logged. LogLevelInfo LogLevel = "Info" - // Debug, detailed debugging information will be logged. + // LogLevelDebug, detailed debugging information will be logged. LogLevelDebug LogLevel = "Debug" ) @@ -507,6 +518,539 @@ type PrometheusOperatorConfig struct { TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. +// +kubebuilder:validation:MinProperties=1 +type PrometheusConfig struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // By default, no additional Alertmanager instances are configured. + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Each entry must have a unique name field, which serves as the map key for server-side apply. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfig `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 10240 (10kB). + // Maximum value is 1073741824 (1GB). + // +kubebuilder:validation:Minimum=10240 + // +kubebuilder:validation:Maximum=1073741824 + // +optional + EnforcedBodySizeLimitBytes int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=map + // +listMapKey=key + ExternalLabels []Label `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // Maximum of 10 node selector key-value pairs can be specified. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + // Must contain only alphanumeric characters, '.', '_', '-', or '/'. + // Must be between 1 and 255 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._/-]+$')",message="must contain only alphanumeric characters, '.', '_', '-', or '/'" + // +kubebuilder:validation:XValidation:rule="self.startsWith('/') || !self.contains('/')",message="must be an absolute path starting with '/' or a simple filename without '/'" + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/dev/') || self in ['/dev/stdout', '/dev/stderr', '/dev/null']",message="only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths" + // +kubebuilder:validation:XValidation:rule="!self.contains('//') && !self.endsWith('/') && !self.contains('..')",message="must not contain '//', end with '/', or contain '..'" + QueryLogFile string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Each entry must have a unique URL. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=url + // +optional + RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // Each entry must have a unique resource name. + // Minimum of 1 and maximum of 10 resource entries can be specified. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // - name: memory + // request: 40Mi + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + // +optional + Retention Retention `json:"retention,omitempty,omitzero"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. + // +optional + CollectionProfile CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + // +optional + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` +} + +// AlertmanagerScheme defines the URL scheme to use when communicating with Alertmanager instances. +// +kubebuilder:validation:Enum=HTTP;HTTPS +type AlertmanagerScheme string + +const ( + AlertmanagerSchemeHTTP AlertmanagerScheme = "HTTP" + AlertmanagerSchemeHTTPS AlertmanagerScheme = "HTTPS" +) + +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfig struct { + // name is a unique identifier for this Alertmanager configuration entry. + // This field is used as the map key for server-side apply, allowing multiple + // controllers (e.g., ACM, cluster admins) to independently manage their own entries. + // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Maximum length is 253 characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +required + Name string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. + // +optional + Authorization AuthorizationConfig `json:"authorization,omitempty,omitzero"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // Must start with "/" and not end with "/" (unless it is the root path "/"). + // Must not contain query strings ("?") or fragments ("#"). + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="self.startsWith('/')",message="pathPrefix must start with '/'" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/') || self == '/'",message="pathPrefix must not end with '/' (except for root '/')" + // +kubebuilder:validation:XValidation:rule="!self.contains('?') && !self.contains('#')",message="pathPrefix must not contain '?' or '#'" + // +optional + PathPrefix string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, defaults to `HTTP`. + // +kubebuilder:default=HTTP + // +optional + Scheme AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + // Each entry must be unique. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MaxLength=255 + // +kubebuilder:validation:items:XValidation:rule="isURL('http://' + self) && size(url('http://' + self).getHostname()) > 0 && size(url('http://' + self).getPort()) > 0 && int(url('http://' + self).getPort()) >= 1 && int(url('http://' + self).getPort()) <= 65535",message="must be a valid 'host:port' where host is a DNS name, IPv4, or IPv6 address (in brackets), and port is 1-65535" + // +listType=set + // +required + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + // +optional + TimeoutSeconds int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` +} + +// Label represents a key/value pair for external labels. +type Label struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Key string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Value string `json:"value,omitempty"` +} + +// RemoteWriteSpec represents configuration for remote write endpoints. +type RemoteWriteSpec struct { + // url is the URL of the remote write endpoint. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + URL string `json:"url,omitempty"` + // name is an optional identifier for this remote write configuration. + // When omitted, Prometheus generates a unique name automatically. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + // remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + // When omitted, the default is 30 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + // +optional + RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"` + // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + // When omitted, no relabeling is performed and all metrics are sent as-is. + // Minimum of 1 and maximum of 10 relabeling rules can be specified. + // Each rule must have a unique name. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"` +} + +// RelabelConfig represents a relabeling rule. +// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'HashMod', 'Lowercase', 'Uppercase', 'KeepEqual', 'DropEqual'] ? (has(self.targetLabel) && size(self.targetLabel) > 0) : !has(self.targetLabel)",message="targetLabel is required when action is Replace, HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'LabelMap'] || !has(self.replacement)",message="replacement is only valid when action is Replace or LabelMap" +type RelabelConfig struct { + // name is a unique identifier for this relabel configuration. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + // sourceLabels specifies which label names to extract from each series for this relabeling rule. + // Each entry must be a valid label name (non-empty). + // The values of these labels are joined together using the configured separator, + // and the resulting string is then matched against the regular expression for + // the replace, keep, or drop actions. + // If a referenced label does not exist on a series, Prometheus substitutes an empty string. + // When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + // Each entry must be unique. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=128 + // +listType=set + SourceLabels []string `json:"sourceLabels,omitempty"` + // separator is the character sequence used to join source label values. + // Common examples: ";", ",", "::", "|||". + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is ";". + // Must be between 1 and 5 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=5 + Separator string `json:"separator,omitempty"` + // regex is the regular expression to match against the concatenated source label values. + // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "(.*)" to match everything. + // Must be between 1 and 1000 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1000 + Regex string `json:"regex,omitempty"` + // targetLabel is the target label name where the result is written. + // Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + // Must be between 1 and 128 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` + // replacement value against which a Replace action is performed if the + // regular expression matches. Regex capture groups are available (e.g., $1, $2). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "$1" (the first capture group). + // Setting to an empty string ("") explicitly clears the target label value. + // Must be at most 255 characters in length. + // +optional + // +kubebuilder:validation:MaxLength=255 + Replacement *string `json:"replacement,omitempty"` + // action is the action to perform on the matched labels. + // Valid actions are: + // - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + // - Keep: Keeps only metrics where regex matches the source labels. + // - Drop: Drops metrics where regex matches the source labels. + // - HashMod: Sets targetLabel to the hash modulus of the source labels. + // - LabelMap: Copies labels matching regex to new label names derived from replacement. + // - LabelDrop: Drops labels matching regex. + // - LabelKeep: Keeps only labels matching regex. + // +required + Action RelabelAction `json:"action,omitempty"` +} + +// TLSConfig represents TLS configuration for Alertmanager connections. +// At least one TLS configuration option must be specified. +// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted. +// +kubebuilder:validation:MinProperties=1 +// +kubebuilder:validation:XValidation:rule="(has(self.cert) && has(self.key)) || (!has(self.cert) && !has(self.key))",message="cert and key must both be specified together for mutual TLS, or both be omitted" +type TLSConfig struct { + // ca is an optional CA certificate to use for TLS connections. + // When omitted, the system's default CA bundle is used. + // +optional + CA SecretKeySelector `json:"ca,omitempty,omitzero"` + // cert is an optional client certificate to use for mutual TLS connections. + // When omitted, no client certificate is presented. + // +optional + Cert SecretKeySelector `json:"cert,omitempty,omitzero"` + // key is an optional client key to use for mutual TLS connections. + // When omitted, no client key is used. + // +optional + Key SecretKeySelector `json:"key,omitempty,omitzero"` + // serverName is an optional server name to use for TLS connections. + // When specified, must be a valid DNS subdomain as per RFC 1123. + // When omitted, the server name is derived from the URL. + // Must be between 1 and 253 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid DNS subdomain (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + ServerName string `json:"serverName,omitempty"` + // certificateVerification determines the policy for TLS certificate verification. + // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "Verify". + // +optional + CertificateVerification CertificateVerificationType `json:"certificateVerification,omitempty"` +} + +// CertificateVerificationType defines the TLS certificate verification policy. +// +kubebuilder:validation:Enum=Verify;SkipVerify +type CertificateVerificationType string + +const ( + // CertificateVerificationVerify performs certificate verification (secure, recommended). + CertificateVerificationVerify CertificateVerificationType = "Verify" + // CertificateVerificationSkipVerify skips certificate verification (insecure, use with caution). + CertificateVerificationSkipVerify CertificateVerificationType = "SkipVerify" +) + +// AuthorizationType defines the type of authentication to use. +// +kubebuilder:validation:Enum=None;BearerToken +type AuthorizationType string + +const ( + // AuthorizationTypeNone indicates no authentication. + AuthorizationTypeNone AuthorizationType = "None" + // AuthorizationTypeBearerToken indicates bearer token authentication. + AuthorizationTypeBearerToken AuthorizationType = "BearerToken" +) + +// AuthorizationConfig defines the authentication method for Alertmanager connections. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise" +// +union +type AuthorizationConfig struct { + // type specifies the authentication type to use. + // Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + // When set to None, no authentication credentials are sent. + // When set to BearerToken, the bearerToken field must be specified. + // +unionDiscriminator + // +required + Type AuthorizationType `json:"type,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` +} + +// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace. +// +structType=atomic +type SecretKeySelector struct { + // name is the name of the secret in the `openshift-monitoring` namespace to select from. + // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid secret name (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + Name string `json:"name,omitempty"` + // key is the key of the secret to select from. + // Must consist of alphanumeric characters, '-', '_', or '.'. + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="must contain only alphanumeric characters, '-', '_', or '.'" + Key string `json:"key,omitempty"` +} + +// Retention configures how long Prometheus retains metrics data and how much storage it can use. +// +kubebuilder:validation:MinProperties=1 +type Retention struct { + // durationInDays specifies how many days Prometheus will retain metrics data. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 15. + // Minimum value is 1 day. + // Maximum value is 365 days (1 year). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=365 + // +optional + DurationInDays int32 `json:"durationInDays,omitempty"` + // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + // can use for data blocks and the write-ahead log (WAL). + // When the limit is reached, Prometheus will delete oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // Minimum value is 1 GiB. + // Maximum value is 16384 GiB (16 TiB). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=16384 + // +optional + SizeInGiB int32 `json:"sizeInGiB,omitempty"` +} + +// RelabelAction defines the action to perform in a relabeling rule. +// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep +type RelabelAction string + +const ( + // RelabelActionReplace replaces the target label with the replacement value. + RelabelActionReplace RelabelAction = "Replace" + // RelabelActionKeep keeps metrics that match the regex. + RelabelActionKeep RelabelAction = "Keep" + // RelabelActionDrop drops metrics that match the regex. + RelabelActionDrop RelabelAction = "Drop" + // RelabelActionHashMod sets the target label to the modulus of a hash of the source labels. + RelabelActionHashMod RelabelAction = "HashMod" + // RelabelActionLabelMap maps label names based on regex matching. + RelabelActionLabelMap RelabelAction = "LabelMap" + // RelabelActionLabelDrop removes labels that match the regex. + RelabelActionLabelDrop RelabelAction = "LabelDrop" + // RelabelActionLabelKeep removes labels that do not match the regex. + RelabelActionLabelKeep RelabelAction = "LabelKeep" +) + +// CollectionProfile defines the metrics collection profile for Prometheus. +// +kubebuilder:validation:Enum=Full;Minimal +type CollectionProfile string + +const ( + // CollectionProfileFull means Prometheus collects all metrics that are exposed by the platform components. + CollectionProfileFull CollectionProfile = "Full" + // CollectionProfileMinimal means Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + CollectionProfileMinimal CollectionProfile = "Minimal" +) + // AuditProfile defines the audit log level for the Metrics Server. // +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse type AuditProfile string diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index d19655e7783..0428b19497a 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -453,12 +453,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -1286,6 +1284,1391 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. + enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique. + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + Must be between 1 and 128 characters in length when specified. + maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace, + HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, + and forbidden otherwise + rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', + ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) + && size(self.targetLabel) > 0) : !has(self.targetLabel)' + - message: replacement is only valid when action is Replace + or LabelMap + rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorConfig: description: |- prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 070f78e1f1d..4c166e1b8bb 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -453,12 +453,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -1286,6 +1284,1391 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. + enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique. + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + Must be between 1 and 128 characters in length when specified. + maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace, + HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, + and forbidden otherwise + rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', + ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) + && size(self.targetLabel) > 0) : !has(self.targetLabel)' + - message: replacement is only valid when action is Replace + or LabelMap + rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorConfig: description: |- prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index af85a050e3c..99b6a734fc4 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -453,12 +453,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -1286,6 +1284,1391 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. + enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique. + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + Must be between 1 and 128 characters in length when specified. + maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace, + HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, + and forbidden otherwise + rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', + ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) + && size(self.targetLabel) > 0) : !has(self.targetLabel)' + - message: replacement is only valid when action is Replace + or LabelMap + rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorConfig: description: |- prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index dc51326b970..22d7c682be5 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -11,6 +11,29 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalAlertmanagerConfig) DeepCopyInto(out *AdditionalAlertmanagerConfig) { + *out = *in + out.Authorization = in.Authorization + if in.StaticConfigs != nil { + in, out := &in.StaticConfigs, &out.StaticConfigs + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.TLSConfig = in.TLSConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalAlertmanagerConfig. +func (in *AdditionalAlertmanagerConfig) DeepCopy() *AdditionalAlertmanagerConfig { + if in == nil { + return nil + } + out := new(AdditionalAlertmanagerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { *out = *in @@ -98,6 +121,23 @@ func (in *Audit) DeepCopy() *Audit { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationConfig) DeepCopyInto(out *AuthorizationConfig) { + *out = *in + out.BearerToken = in.BearerToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfig. +func (in *AuthorizationConfig) DeepCopy() *AuthorizationConfig { + if in == nil { + return nil + } + out := new(AuthorizationConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -473,6 +513,7 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in out.UserDefined = in.UserDefined in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) + in.PrometheusConfig.DeepCopyInto(&out.PrometheusConfig) in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) in.PrometheusOperatorConfig.DeepCopyInto(&out.PrometheusOperatorConfig) return @@ -863,6 +904,22 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Label) DeepCopyInto(out *Label) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Label. +func (in *Label) DeepCopy() *Label { + if in == nil { + return nil + } + out := new(Label) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { *out = *in @@ -1062,6 +1119,75 @@ func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { + *out = *in + if in.AdditionalAlertmanagerConfigs != nil { + in, out := &in.AdditionalAlertmanagerConfigs, &out.AdditionalAlertmanagerConfigs + *out = make([]AdditionalAlertmanagerConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalLabels != nil { + in, out := &in.ExternalLabels, &out.ExternalLabels + *out = make([]Label, len(*in)) + copy(*out, *in) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.RemoteWrite != nil { + in, out := &in.RemoteWrite, &out.RemoteWrite + *out = make([]RemoteWriteSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.Retention = in.Retention + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.VolumeClaimTemplate != nil { + in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate + *out = new(v1.PersistentVolumeClaim) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig. +func (in *PrometheusConfig) DeepCopy() *PrometheusConfig { + if in == nil { + return nil + } + out := new(PrometheusConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrometheusOperatorConfig) DeepCopyInto(out *PrometheusOperatorConfig) { *out = *in @@ -1106,6 +1232,71 @@ func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { + *out = *in + if in.SourceLabels != nil { + in, out := &in.SourceLabels, &out.SourceLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelConfig. +func (in *RelabelConfig) DeepCopy() *RelabelConfig { + if in == nil { + return nil + } + out := new(RelabelConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { + *out = *in + if in.WriteRelabelConfigs != nil { + in, out := &in.WriteRelabelConfigs, &out.WriteRelabelConfigs + *out = make([]RelabelConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteSpec. +func (in *RemoteWriteSpec) DeepCopy() *RemoteWriteSpec { + if in == nil { + return nil + } + out := new(RemoteWriteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Retention) DeepCopyInto(out *Retention) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retention. +func (in *Retention) DeepCopy() *Retention { + if in == nil { + return nil + } + out := new(Retention) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) { *out = *in @@ -1164,6 +1355,22 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in @@ -1185,6 +1392,25 @@ func (in *Storage) DeepCopy() *Storage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + out.CA = in.CA + out.Cert = in.Cert + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 65138b4ab60..00031d7ffe8 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -453,12 +453,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -1286,6 +1284,1391 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. + enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique. + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + Must be between 1 and 128 characters in length when specified. + maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace, + HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, + and forbidden otherwise + rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', + ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) + && size(self.targetLabel) > 0) : !has(self.targetLabel)' + - message: replacement is only valid when action is Replace + or LabelMap + rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorConfig: description: |- prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index c060ce87467..2f76f6b8f12 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -118,6 +118,21 @@ func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { return map_ClusterImagePolicyStatus } +var map_AdditionalAlertmanagerConfig = map[string]string{ + "": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "name": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", + "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", +} + +func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { + return map_AdditionalAlertmanagerConfig +} + var map_AlertmanagerConfig = map[string]string{ "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", @@ -136,7 +151,7 @@ var map_AlertmanagerCustomConfig = map[string]string{ "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", } func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { @@ -152,6 +167,16 @@ func (Audit) SwaggerDoc() map[string]string { return map_Audit } +var map_AuthorizationConfig = map[string]string{ + "": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", +} + +func (AuthorizationConfig) SwaggerDoc() map[string]string { + return map_AuthorizationConfig +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", @@ -177,6 +202,7 @@ var map_ClusterMonitoringSpec = map[string]string{ "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "prometheusConfig": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "prometheusOperatorConfig": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } @@ -204,6 +230,16 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_Label = map[string]string{ + "": "Label represents a key/value pair for external labels.", + "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "value": "value is the value of the label. Must be between 1 and 128 characters in length.", +} + +func (Label) SwaggerDoc() map[string]string { + return map_Label +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", @@ -218,6 +254,27 @@ func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } +var map_PrometheusConfig = map[string]string{ + "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", + "queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique URL.", + "resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", + "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "collectionProfile": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", +} + +func (PrometheusConfig) SwaggerDoc() map[string]string { + return map_PrometheusConfig +} + var map_PrometheusOperatorConfig = map[string]string{ "": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", @@ -231,6 +288,66 @@ func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { return map_PrometheusOperatorConfig } +var map_RelabelConfig = map[string]string{ + "": "RelabelConfig represents a relabeling rule.", + "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique.", + "separator": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "targetLabel": "targetLabel is the target label name where the result is written. Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. Must be between 1 and 128 characters in length when specified.", + "replacement": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + "action": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", +} + +func (RelabelConfig) SwaggerDoc() map[string]string { + return map_RelabelConfig +} + +var map_RemoteWriteSpec = map[string]string{ + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "name": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "remoteTimeoutSeconds": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", +} + +func (RemoteWriteSpec) SwaggerDoc() map[string]string { + return map_RemoteWriteSpec +} + +var map_Retention = map[string]string{ + "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "durationInDays": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "sizeInGiB": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", +} + +func (Retention) SwaggerDoc() map[string]string { + return map_Retention +} + +var map_SecretKeySelector = map[string]string{ + "": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "name": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "key": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", +} + +func (SecretKeySelector) SwaggerDoc() map[string]string { + return map_SecretKeySelector +} + +var map_TLSConfig = map[string]string{ + "": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "ca": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "cert": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "key": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "serverName": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "certificateVerification": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", +} + +func (TLSConfig) SwaggerDoc() map[string]string { + return map_TLSConfig +} + var map_UserDefinedMonitoring = map[string]string{ "": "UserDefinedMonitoring config for user-defined projects.", "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index b3a94e903fb..44ed15f3491 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -445,9 +445,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.VSpherePlatformTopology": schema_openshift_api_config_v1_VSpherePlatformTopology(ref), "github.com/openshift/api/config/v1.VSpherePlatformVCenterSpec": schema_openshift_api_config_v1_VSpherePlatformVCenterSpec(ref), "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig": schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig": schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref), "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), @@ -479,6 +481,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), "github.com/openshift/api/config/v1alpha1.PKICertificateSubject": schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref), "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), @@ -488,11 +491,17 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository": schema_openshift_api_config_v1alpha1_PolicyMatchExactRepository(ref), "github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1alpha1_PolicyMatchRemapIdentity(ref), "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust": schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusConfig": schema_openshift_api_config_v1alpha1_PrometheusConfig(ref), "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), + "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), + "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), + "github.com/openshift/api/config/v1alpha1.Retention": schema_openshift_api_config_v1alpha1_Retention(ref), "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), + "github.com/openshift/api/config/v1alpha1.SecretKeySelector": schema_openshift_api_config_v1alpha1_SecretKeySelector(ref), "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), + "github.com/openshift/api/config/v1alpha1.TLSConfig": schema_openshift_api_config_v1alpha1_TLSConfig(ref), "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), "github.com/openshift/api/config/v1alpha2.Custom": schema_openshift_api_config_v1alpha2_Custom(ref), "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), @@ -22321,6 +22330,84 @@ func schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "authorization": { + SchemaProps: spec.SchemaProps{ + Description: "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.AuthorizationConfig"), + }, + }, + "pathPrefix": { + SchemaProps: spec.SchemaProps{ + Description: "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", + Type: []string{"string"}, + Format: "", + }, + }, + "scheme": { + SchemaProps: spec.SchemaProps{ + Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + Type: []string{"string"}, + Format: "", + }, + }, + "staticConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "timeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "tlsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), + }, + }, + }, + Required: []string{"name", "staticConfigs"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, + } +} + func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -22467,7 +22554,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re }, "volumeClaimTemplate": { SchemaProps: spec.SchemaProps{ - Description: "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + Description: "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaim"), }, }, @@ -22500,6 +22587,48 @@ func schema_openshift_api_config_v1alpha1_Audit(ref common.ReferenceCallback) co } } +func schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AuthorizationConfig defines the authentication method for Alertmanager connections.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "bearerToken": "BearerToken", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -23105,6 +23234,13 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerConfig"), }, }, + "prometheusConfig": { + SchemaProps: spec.SchemaProps{ + Description: "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusConfig"), + }, + }, "metricsServerConfig": { SchemaProps: spec.SchemaProps{ Description: "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", @@ -23123,7 +23259,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.PrometheusConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, } } @@ -23706,6 +23842,34 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.Re } } +func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Label represents a key/value pair for external labels.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the value of the label. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"key", "value"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24079,6 +24243,208 @@ func schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref common.Reference } } +func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "additionalAlertmanagerConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig"), + }, + }, + }, + }, + }, + "enforcedBodySizeLimitBytes": { + SchemaProps: spec.SchemaProps{ + Description: "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "externalLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Label"), + }, + }, + }, + }, + }, + "logLevel": { + SchemaProps: spec.SchemaProps{ + Description: "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Type: []string{"string"}, + Format: "", + }, + }, + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "queryLogFile": { + SchemaProps: spec.SchemaProps{ + Description: "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "remoteWrite": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "url", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique URL.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteSpec"), + }, + }, + }, + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "retention": { + SchemaProps: spec.SchemaProps{ + Description: "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Retention"), + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.Toleration"), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), + }, + }, + }, + }, + }, + "collectionProfile": { + SchemaProps: spec.SchemaProps{ + Description: "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + Type: []string{"string"}, + Format: "", + }, + }, + "volumeClaimTemplate": { + SchemaProps: spec.SchemaProps{ + Description: "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaim"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.ContainerResource", "github.com/openshift/api/config/v1alpha1.Label", "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec", "github.com/openshift/api/config/v1alpha1.Retention", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, + } +} + func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24181,6 +24547,168 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re } } +func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RelabelConfig represents a relabeling rule.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "sourceLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "separator": { + SchemaProps: spec.SchemaProps{ + Description: "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "regex": { + SchemaProps: spec.SchemaProps{ + Description: "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. Must be between 1 and 128 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "replacement": { + SchemaProps: spec.SchemaProps{ + Description: "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "action"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RemoteWriteSpec represents configuration for remote write endpoints.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "url": { + SchemaProps: spec.SchemaProps{ + Description: "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "remoteTimeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "writeRelabelConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelConfig"), + }, + }, + }, + }, + }, + }, + Required: []string{"url"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.RelabelConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_Retention(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "durationInDays": { + SchemaProps: spec.SchemaProps{ + Description: "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "sizeInGiB": { + SchemaProps: spec.SchemaProps{ + Description: "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24275,6 +24803,39 @@ func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_SecretKeySelector(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "key"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "atomic", + }, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24305,6 +24866,56 @@ func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) } } +func schema_openshift_api_config_v1alpha1_TLSConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "cert": { + SchemaProps: spec.SchemaProps{ + Description: "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "serverName": { + SchemaProps: spec.SchemaProps{ + Description: "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "certificateVerification": { + SchemaProps: spec.SchemaProps{ + Description: "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 3a4fa000b28..d45c89e6172 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -9533,7 +9533,7 @@ } }, "com.github.openshift.api.config.v1.OIDCClientConfig": { - "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", + "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method", "type": "object", "required": [ "componentName", @@ -9547,17 +9547,17 @@ "default": "" }, "clientSecret": { - "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", + "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field. The client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, "componentName": { - "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", "type": "string", "default": "" }, "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "type": "string", "default": "" }, @@ -9612,7 +9612,7 @@ "default": "" }, "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "type": "string", "default": "" }, @@ -9638,7 +9638,7 @@ "x-kubernetes-list-type": "set" }, "currentOIDCClients": { - "description": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", + "description": "currentOIDCClients is an optional list of clients that the component is currently using. Entries must have unique issuerURL/clientID pairs.", "type": "array", "items": { "default": {}, @@ -10252,7 +10252,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformSpec" }, "type": { - "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", "type": "string", "default": "" }, @@ -10547,7 +10547,7 @@ "default": "" }, "prefix": { - "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", "type": "string", "default": "" } @@ -11462,7 +11462,7 @@ ], "properties": { "extra": { - "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", + "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity. key values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", "type": "array", "items": { "default": {}, @@ -11474,12 +11474,12 @@ "x-kubernetes-list-type": "map" }, "groups": { - "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider. When referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (','). For example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping" }, "uid": { - "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", + "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time. The current default is to use the 'sub' claim.", "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" }, "username": { @@ -11580,7 +11580,7 @@ "x-kubernetes-list-type": "set" }, "discoveryURL": { - "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", + "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `url` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", "type": "string" }, "issuerCertificateAuthority": { @@ -11623,7 +11623,7 @@ ], "properties": { "expression": { - "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", + "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc. The expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", "type": "string" }, "message": { @@ -11731,7 +11731,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernamePrefix" }, "prefixPolicy": { - "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. As an example, consider the following scenario:\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", "type": "string", "default": "" } @@ -12161,6 +12161,52 @@ } } }, + "com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig": { + "description": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "type": "object", + "required": [ + "name", + "staticConfigs" + ], + "properties": { + "authorization": { + "description": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AuthorizationConfig" + }, + "name": { + "description": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + "type": "string" + }, + "pathPrefix": { + "description": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", + "type": "string" + }, + "scheme": { + "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + "type": "string" + }, + "staticConfigs": { + "description": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "timeoutSeconds": { + "description": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" + }, + "tlsConfig": { + "description": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" + } + } + }, "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig": { "description": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "type": "object", @@ -12196,7 +12242,7 @@ } }, "resources": { - "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", "type": "array", "items": { "default": {}, @@ -12217,7 +12263,7 @@ "x-kubernetes-list-type": "set" }, "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", "type": "array", "items": { "default": {}, @@ -12226,7 +12272,7 @@ "x-kubernetes-list-type": "atomic" }, "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, @@ -12239,7 +12285,7 @@ "x-kubernetes-list-type": "map" }, "volumeClaimTemplate": { - "description": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "description": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" } } @@ -12257,6 +12303,32 @@ } } }, + "com.github.openshift.api.config.v1alpha1.AuthorizationConfig": { + "description": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "bearerToken": { + "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "type": { + "description": "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "bearerToken": "BearerToken" + } + } + ] + }, "com.github.openshift.api.config.v1alpha1.Backup": { "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -12335,100 +12407,6 @@ "com.github.openshift.api.config.v1alpha1.BackupStatus": { "type": "object" }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig": { - "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec" - }, - "status": { - "description": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList": { - "description": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec": { - "description": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", - "type": "object", - "properties": { - "matchImages": { - "description": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus": { - "description": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", - "type": "object", - "properties": { - "conditions": { - "description": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - } - }, "com.github.openshift.api.config.v1alpha1.ClusterImagePolicy": { "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -12605,10 +12583,10 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetricsServerConfig" }, - "prometheusOperatorConfig": { - "description": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "prometheusConfig": { + "description": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusConfig" }, "userDefined": { "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", @@ -12957,6 +12935,24 @@ "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { "type": "object" }, + "com.github.openshift.api.config.v1alpha1.Label": { + "description": "Label represents a key/value pair for external labels.", + "type": "object", + "required": [ + "key", + "value" + ], + "properties": { + "key": { + "description": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "type": "string" + }, + "value": { + "description": "value is the value of the label. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "type": "object", @@ -12975,7 +12971,7 @@ } }, "resources": { - "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", "type": "array", "items": { "default": {}, @@ -12987,7 +12983,7 @@ "x-kubernetes-list-type": "map" }, "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", "type": "array", "items": { "default": {}, @@ -12996,7 +12992,7 @@ "x-kubernetes-list-type": "atomic" }, "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, @@ -13179,24 +13175,73 @@ } ] }, - "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { - "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + "com.github.openshift.api.config.v1alpha1.PrometheusConfig": { + "description": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", "type": "object", "properties": { + "additionalAlertmanagerConfigs": { + "description": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "collectionProfile": { + "description": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "type": "string" + }, + "enforcedBodySizeLimitBytes": { + "description": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "type": "integer", + "format": "int64" + }, + "externalLabels": { + "description": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Label" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" + }, "logLevel": { - "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "description": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "type": "string" }, "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, + "queryLogFile": { + "description": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "type": "string" + }, + "remoteWrite": { + "description": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique URL.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteSpec" + }, + "x-kubernetes-list-map-keys": [ + "url" + ], + "x-kubernetes-list-type": "map" + }, "resources": { - "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "description": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", "type": "array", "items": { "default": {}, @@ -13207,8 +13252,13 @@ ], "x-kubernetes-list-type": "map" }, + "retention": { + "description": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Retention" + }, "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", "type": "array", "items": { "default": {}, @@ -13217,7 +13267,7 @@ "x-kubernetes-list-type": "atomic" }, "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "description": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, @@ -13228,6 +13278,103 @@ "whenUnsatisfiable" ], "x-kubernetes-list-type": "map" + }, + "volumeClaimTemplate": { + "description": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RelabelConfig": { + "description": "RelabelConfig represents a relabeling rule.", + "type": "object", + "required": [ + "name", + "action" + ], + "properties": { + "action": { + "description": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", + "type": "string" + }, + "name": { + "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "type": "string" + }, + "regex": { + "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "type": "string" + }, + "replacement": { + "description": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + "type": "string" + }, + "separator": { + "description": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "type": "string" + }, + "sourceLabels": { + "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. Must be between 1 and 128 characters in length when specified.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec": { + "description": "RemoteWriteSpec represents configuration for remote write endpoints.", + "type": "object", + "required": [ + "url" + ], + "properties": { + "name": { + "description": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "type": "string" + }, + "remoteTimeoutSeconds": { + "description": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" + }, + "url": { + "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "type": "string" + }, + "writeRelabelConfigs": { + "description": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1alpha1.Retention": { + "description": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "type": "object", + "properties": { + "durationInDays": { + "description": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "type": "integer", + "format": "int32" + }, + "sizeInGiB": { + "description": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", + "type": "integer", + "format": "int32" } } }, @@ -13296,6 +13443,25 @@ } } }, + "com.github.openshift.api.config.v1alpha1.SecretKeySelector": { + "description": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "type": "object", + "required": [ + "name", + "key" + ], + "properties": { + "key": { + "description": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + "type": "string" + }, + "name": { + "description": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, "com.github.openshift.api.config.v1alpha1.Storage": { "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", @@ -13314,6 +13480,35 @@ } } }, + "com.github.openshift.api.config.v1alpha1.TLSConfig": { + "description": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "type": "object", + "properties": { + "ca": { + "description": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "cert": { + "description": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "certificateVerification": { + "description": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", + "type": "string" + }, + "key": { + "description": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "serverName": { + "description": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { "description": "UserDefinedMonitoring config for user-defined projects.", "type": "object", @@ -14572,13 +14767,9 @@ "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSource" }, "type": { - "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", + "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"", "type": "string", - "default": "", - "enum": [ - "ContainerImport", - "GitImport" - ] + "default": "" } }, "x-kubernetes-unions": [ @@ -14779,250 +14970,6 @@ } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerCluster": { - "description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "status": { - "description": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus" - } - } - }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus": { - "description": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", - "type": "object", - "required": [ - "conditions", - "name", - "method" - ], - "properties": { - "conditions": { - "description": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "method": { - "description": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", - "type": "string", - "enum": [ - "IPMI", - "Redfish" - ] - }, - "name": { - "description": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", - "type": "string" - } - } - }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterList": { - "description": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of PacemakerCluster objects.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerCluster" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus": { - "description": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", - "type": "object", - "required": [ - "conditions", - "nodeName", - "addresses", - "resources", - "fencingAgents" - ], - "properties": { - "addresses": { - "description": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress" - }, - "x-kubernetes-list-type": "atomic" - }, - "conditions": { - "description": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "fencingAgents": { - "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "nodeName": { - "description": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", - "type": "string" - }, - "resources": { - "description": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus": { - "description": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", - "type": "object", - "required": [ - "conditions", - "name" - ], - "properties": { - "conditions": { - "description": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "name": { - "description": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", - "type": "string", - "enum": [ - "Etcd", - "Kubelet" - ] - } - } - }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus": { - "description": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", - "type": "object", - "required": [ - "conditions", - "lastUpdated", - "nodes" - ], - "properties": { - "conditions": { - "description": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "lastUpdated": { - "description": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "nodes": { - "description": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress": { - "description": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", - "type": "object", - "required": [ - "type", - "address" - ], - "properties": { - "address": { - "description": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", - "type": "string" - }, - "type": { - "description": "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", - "type": "string", - "enum": [ - "InternalIP" - ] - } - } - }, "com.github.openshift.api.example.v1.CELUnion": { "description": "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", "type": "object", @@ -25105,10 +25052,6 @@ "format": "int32", "default": 0 }, - "synchronizedAPI": { - "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", - "type": "string" - }, "synchronizedGeneration": { "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", "type": "integer", @@ -25212,10 +25155,6 @@ "description": "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "synchronizedAPI": { - "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", - "type": "string" - }, "synchronizedGeneration": { "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", "type": "integer", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index d19655e7783..0428b19497a 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -453,12 +453,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -1286,6 +1284,1391 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. + enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique. + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + Must be between 1 and 128 characters in length when specified. + maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace, + HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, + and forbidden otherwise + rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', + ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) + && size(self.targetLabel) > 0) : !has(self.targetLabel)' + - message: replacement is only valid when action is Replace + or LabelMap + rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorConfig: description: |- prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 070f78e1f1d..4c166e1b8bb 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -453,12 +453,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -1286,6 +1284,1391 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. + enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique. + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + Must be between 1 and 128 characters in length when specified. + maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace, + HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, + and forbidden otherwise + rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', + ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) + && size(self.targetLabel) > 0) : !has(self.targetLabel)' + - message: replacement is only valid when action is Replace + or LabelMap + rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorConfig: description: |- prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index af85a050e3c..99b6a734fc4 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -453,12 +453,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -1286,6 +1284,1391 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. + enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique. + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. + Must be between 1 and 128 characters in length when specified. + maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace, + HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, + and forbidden otherwise + rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', + ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) + && size(self.targetLabel) > 0) : !has(self.targetLabel)' + - message: replacement is only valid when action is Replace + or LabelMap + rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC.\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorConfig: description: |- prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. From 404af7f5ec231117ed87b50be805abcd5c74b151 Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Fri, 23 Jan 2026 13:02:05 +0100 Subject: [PATCH 2/9] add suggestions Signed-off-by: Mario Fernandez --- .../ClusterMonitoringConfig.yaml | 1446 +++++++++++++++++ config/v1alpha1/types_cluster_monitoring.go | 196 ++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 226 ++- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 226 ++- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 226 ++- config/v1alpha1/zz_generated.deepcopy.go | 158 +- .../ClusterMonitoringConfig.yaml | 226 ++- .../zz_generated.swagger_doc_generated.go | 89 +- .../generated_openapi/zz_generated.openapi.go | 246 ++- openapi/openapi.json | 160 +- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 226 ++- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 226 ++- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 226 ++- 13 files changed, 3473 insertions(+), 404 deletions(-) diff --git a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 45aba20c2a8..508c7401e26 100644 --- a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -351,3 +351,1449 @@ tests: - name: "example.com/quux" request: "1" expectedError: 'spec.metricsServerConfig.resources: Too many: 11: must have at most 10 items' + - name: Should be able to create a minimal PrometheusConfig + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + logLevel: Info + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + logLevel: Info + - name: Should accept PrometheusConfig with all fields + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + enforcedBodySizeLimitBytes: 4194304 + logLevel: Debug + collectionProfile: Full + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/worker: "" + queryLogFile: /var/log/prometheus/queries.log + externalLabels: + - key: cluster + value: production + - key: region + value: us-east-1 + resources: + - name: cpu + request: "500m" + limit: "2" + - name: memory + request: "1Gi" + limit: "4Gi" + retention: + durationInDays: 30 + sizeInGiB: 100 + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: prometheus + remoteWrite: + - url: https://remote-write.example.com/api/v1/write + name: remote-write-1 + remoteTimeoutSeconds: 30 + additionalAlertmanagerConfigs: + - name: external-alertmanager + staticConfigs: + - alertmanager.example.com:9093 + scheme: HTTPS + timeoutSeconds: 10 + authorization: + type: BearerToken + bearerToken: + name: alertmanager-token + key: token + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + enforcedBodySizeLimitBytes: 4194304 + logLevel: Debug + collectionProfile: Full + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/worker: "" + queryLogFile: /var/log/prometheus/queries.log + externalLabels: + - key: cluster + value: production + - key: region + value: us-east-1 + resources: + - name: cpu + request: "500m" + limit: "2" + - name: memory + request: "1Gi" + limit: "4Gi" + retention: + durationInDays: 30 + sizeInGiB: 100 + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: prometheus + remoteWrite: + - url: https://remote-write.example.com/api/v1/write + name: remote-write-1 + remoteTimeoutSeconds: 30 + additionalAlertmanagerConfigs: + - name: external-alertmanager + staticConfigs: + - alertmanager.example.com:9093 + scheme: HTTPS + timeoutSeconds: 10 + authorization: + type: BearerToken + bearerToken: + name: alertmanager-token + key: token + - name: Should reject PrometheusConfig with enforcedBodySizeLimitBytes below minimum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + enforcedBodySizeLimitBytes: 10239 + expectedError: 'spec.prometheusConfig.enforcedBodySizeLimitBytes: Invalid value: 10239: spec.prometheusConfig.enforcedBodySizeLimitBytes in body should be greater than or equal to 10240' + - name: Should reject PrometheusConfig with enforcedBodySizeLimitBytes above maximum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + enforcedBodySizeLimitBytes: 1073741825 + expectedError: 'spec.prometheusConfig.enforcedBodySizeLimitBytes: Invalid value: 1073741825: spec.prometheusConfig.enforcedBodySizeLimitBytes in body should be less than or equal to 1073741824' + - name: Should reject PrometheusConfig with invalid logLevel + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + logLevel: Invalid + expectedError: 'spec.prometheusConfig.logLevel: Invalid value: "Invalid": spec.prometheusConfig.logLevel in body should be one of [Error Warn Info Debug]' + - name: Should reject PrometheusConfig with invalid collectionProfile + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + collectionProfile: Invalid + expectedError: 'spec.prometheusConfig.collectionProfile: Invalid value: "Invalid": spec.prometheusConfig.collectionProfile in body should be one of [Full Minimal]' + - name: Should reject PrometheusConfig with nodeSelector exceeding max properties + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + nodeSelector: + key1: value1 + key2: value2 + key3: value3 + key4: value4 + key5: value5 + key6: value6 + key7: value7 + key8: value8 + key9: value9 + key10: value10 + key11: value11 + expectedError: 'spec.prometheusConfig.nodeSelector: Too many properties: 11: must not have more than 10 properties' + - name: Should reject PrometheusConfig with queryLogFile not starting with / or containing / + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + queryLogFile: relative/path.log + expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "relative/path.log": must be an absolute path starting with "/" or a simple filename without "/"' + - name: Should reject PrometheusConfig with queryLogFile ending with / + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + queryLogFile: /var/log/queries/ + expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/var/log/queries/": must not contain "//", end with "/", or contain ".."' + - name: Should reject PrometheusConfig with queryLogFile containing // + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + queryLogFile: /var//log/queries.log + expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/var//log/queries.log": must not contain "//", end with "/", or contain ".."' + - name: Should reject PrometheusConfig with queryLogFile containing .. + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + queryLogFile: /var/log/../queries.log + expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/var/log/../queries.log": must not contain "//", end with "/", or contain ".."' + - name: Should reject PrometheusConfig with queryLogFile containing invalid /dev/ path + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + queryLogFile: /dev/random + expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/dev/random": only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths' + - name: Should accept PrometheusConfig with queryLogFile as /dev/stdout + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + queryLogFile: /dev/stdout + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + queryLogFile: /dev/stdout + - name: Should reject PrometheusConfig with externalLabels exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + externalLabels: + - key: label1 + value: value1 + - key: label2 + value: value2 + - key: label3 + value: value3 + - key: label4 + value: value4 + - key: label5 + value: value5 + - key: label6 + value: value6 + - key: label7 + value: value7 + - key: label8 + value: value8 + - key: label9 + value: value9 + - key: label10 + value: value10 + - key: label11 + value: value11 + - key: label12 + value: value12 + - key: label13 + value: value13 + - key: label14 + value: value14 + - key: label15 + value: value15 + - key: label16 + value: value16 + - key: label17 + value: value17 + - key: label18 + value: value18 + - key: label19 + value: value19 + - key: label20 + value: value20 + - key: label21 + value: value21 + - key: label22 + value: value22 + - key: label23 + value: value23 + - key: label24 + value: value24 + - key: label25 + value: value25 + - key: label26 + value: value26 + - key: label27 + value: value27 + - key: label28 + value: value28 + - key: label29 + value: value29 + - key: label30 + value: value30 + - key: label31 + value: value31 + - key: label32 + value: value32 + - key: label33 + value: value33 + - key: label34 + value: value34 + - key: label35 + value: value35 + - key: label36 + value: value36 + - key: label37 + value: value37 + - key: label38 + value: value38 + - key: label39 + value: value39 + - key: label40 + value: value40 + - key: label41 + value: value41 + - key: label42 + value: value42 + - key: label43 + value: value43 + - key: label44 + value: value44 + - key: label45 + value: value45 + - key: label46 + value: value46 + - key: label47 + value: value47 + - key: label48 + value: value48 + - key: label49 + value: value49 + - key: label50 + value: value50 + - key: label51 + value: value51 + expectedError: 'spec.prometheusConfig.externalLabels: Too many: 51: must have at most 50 items' + - name: Should reject PrometheusConfig with externalLabels duplicate keys + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + externalLabels: + - key: cluster + value: production + - key: cluster + value: staging + expectedError: 'spec.prometheusConfig.externalLabels[1]: Duplicate value: map[string]interface {}{"key":"cluster"}' + - name: Should reject PrometheusConfig with externalLabels missing key + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + externalLabels: + - value: production + expectedError: 'spec.prometheusConfig.externalLabels[0].key: Required value' + - name: Should reject PrometheusConfig with externalLabels missing value + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + externalLabels: + - key: cluster + expectedError: 'spec.prometheusConfig.externalLabels[0].value: Required value' + - name: Should reject PrometheusConfig with remoteWrite exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote1.example.com/write + - url: https://remote2.example.com/write + - url: https://remote3.example.com/write + - url: https://remote4.example.com/write + - url: https://remote5.example.com/write + - url: https://remote6.example.com/write + - url: https://remote7.example.com/write + - url: https://remote8.example.com/write + - url: https://remote9.example.com/write + - url: https://remote10.example.com/write + - url: https://remote11.example.com/write + expectedError: 'spec.prometheusConfig.remoteWrite: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusConfig with remoteWrite duplicate URLs + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + - url: https://remote.example.com/write + expectedError: 'spec.prometheusConfig.remoteWrite[1]: Duplicate value: map[string]interface {}{"url":"https://remote.example.com/write"}' + - name: Should reject PrometheusConfig with remoteWrite invalid URL + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: invalid-url + expectedError: 'spec.prometheusConfig.remoteWrite[0].url: Invalid value: "invalid-url": must be a valid URL with http or https scheme' + - name: Should reject PrometheusConfig with remoteWrite URL not http/https + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: ftp://remote.example.com/write + expectedError: 'spec.prometheusConfig.remoteWrite[0].url: Invalid value: "ftp://remote.example.com/write": must be a valid URL with http or https scheme' + - name: Should reject PrometheusConfig with remoteWrite name invalid characters + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + name: invalid@name + expectedError: 'spec.prometheusConfig.remoteWrite[0].name: Invalid value: "invalid@name": must contain only alphanumeric characters, hyphens, and underscores' + - name: Should reject PrometheusConfig with remoteWrite remoteTimeoutSeconds below minimum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + remoteTimeoutSeconds: 0 + expectedError: 'spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds: Invalid value: 0: spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds in body should be greater than or equal to 1' + - name: Should reject PrometheusConfig with remoteWrite remoteTimeoutSeconds above maximum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + remoteTimeoutSeconds: 601 + expectedError: 'spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds: Invalid value: 601: spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds in body should be less than or equal to 600' + - name: Should reject PrometheusConfig with additionalAlertmanagerConfigs exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + additionalAlertmanagerConfigs: + - name: alertmanager1 + staticConfigs: + - alertmanager1.example.com:9093 + - name: alertmanager2 + staticConfigs: + - alertmanager2.example.com:9093 + - name: alertmanager3 + staticConfigs: + - alertmanager3.example.com:9093 + - name: alertmanager4 + staticConfigs: + - alertmanager4.example.com:9093 + - name: alertmanager5 + staticConfigs: + - alertmanager5.example.com:9093 + - name: alertmanager6 + staticConfigs: + - alertmanager6.example.com:9093 + - name: alertmanager7 + staticConfigs: + - alertmanager7.example.com:9093 + - name: alertmanager8 + staticConfigs: + - alertmanager8.example.com:9093 + - name: alertmanager9 + staticConfigs: + - alertmanager9.example.com:9093 + - name: alertmanager10 + staticConfigs: + - alertmanager10.example.com:9093 + - name: alertmanager11 + staticConfigs: + - alertmanager11.example.com:9093 + expectedError: 'spec.prometheusConfig.additionalAlertmanagerConfigs: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusConfig with additionalAlertmanagerConfigs duplicate names + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + additionalAlertmanagerConfigs: + - name: alertmanager + staticConfigs: + - alertmanager.example.com:9093 + - name: alertmanager + staticConfigs: + - alertmanager2.example.com:9093 + expectedError: 'spec.prometheusConfig.additionalAlertmanagerConfigs[1]: Duplicate value: map[string]interface {}{"name":"alertmanager"}' + - name: Should reject PrometheusConfig with retention durationInDays below minimum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + retention: + durationInDays: 0 + expectedError: 'spec.prometheusConfig.retention.durationInDays: Invalid value: 0: spec.prometheusConfig.retention.durationInDays in body should be greater than or equal to 1' + - name: Should reject PrometheusConfig with retention durationInDays above maximum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + retention: + durationInDays: 366 + expectedError: 'spec.prometheusConfig.retention.durationInDays: Invalid value: 366: spec.prometheusConfig.retention.durationInDays in body should be less than or equal to 365' + - name: Should reject PrometheusConfig with retention sizeInGiB below minimum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + retention: + sizeInGiB: 0 + expectedError: 'spec.prometheusConfig.retention.sizeInGiB: Invalid value: 0: spec.prometheusConfig.retention.sizeInGiB in body should be greater than or equal to 1' + - name: Should reject PrometheusConfig with retention sizeInGiB above maximum + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + retention: + sizeInGiB: 16385 + expectedError: 'spec.prometheusConfig.retention.sizeInGiB: Invalid value: 16385: spec.prometheusConfig.retention.sizeInGiB in body should be less than or equal to 16384' + - name: Should reject PrometheusConfig with tolerations exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + tolerations: + - key: "key1" + operator: "Equal" + value: "value1" + effect: "NoSchedule" + - key: "key2" + operator: "Equal" + value: "value2" + effect: "NoSchedule" + - key: "key3" + operator: "Equal" + value: "value3" + effect: "NoSchedule" + - key: "key4" + operator: "Equal" + value: "value4" + effect: "NoSchedule" + - key: "key5" + operator: "Equal" + value: "value5" + effect: "NoSchedule" + - key: "key6" + operator: "Equal" + value: "value6" + effect: "NoSchedule" + - key: "key7" + operator: "Equal" + value: "value7" + effect: "NoSchedule" + - key: "key8" + operator: "Equal" + value: "value8" + effect: "NoSchedule" + - key: "key9" + operator: "Equal" + value: "value9" + effect: "NoSchedule" + - key: "key10" + operator: "Equal" + value: "value10" + effect: "NoSchedule" + - key: "key11" + operator: "Equal" + value: "value11" + effect: "NoSchedule" + expectedError: 'spec.prometheusConfig.tolerations: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusConfig with topologySpreadConstraints exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: zone1 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone2 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone3 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone4 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone5 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone6 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone7 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone8 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone9 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone10 + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: zone11 + whenUnsatisfiable: DoNotSchedule + expectedError: 'spec.prometheusConfig.topologySpreadConstraints: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusConfig with resources exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + resources: + - name: cpu + request: "100m" + - name: memory + request: "64Mi" + - name: hugepages-2Mi + request: "32Mi" + - name: hugepages-1Gi + request: "1Gi" + - name: ephemeral-storage + request: "1Gi" + - name: nvidia.com/gpu + request: "1" + - name: example.com/foo + request: "1" + - name: example.com/bar + request: "1" + - name: example.com/baz + request: "1" + - name: example.com/qux + request: "1" + - name: example.com/quux + request: "1" + expectedError: 'spec.prometheusConfig.resources: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusConfig with resources duplicate names + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + resources: + - name: cpu + request: "100m" + - name: cpu + request: "200m" + expectedError: 'spec.prometheusConfig.resources[1]: Duplicate value: map[string]interface {}{"name":"cpu"}' + - name: Should accept PrometheusConfig with RelabelConfig Replace action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: replace-action + action: Replace + sourceLabels: + - instance + targetLabel: instance + replace: + targetLabel: instance + replacement: "$1" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: replace-action + action: Replace + sourceLabels: + - instance + targetLabel: instance + replace: + targetLabel: instance + replacement: "$1" + - name: Should accept PrometheusConfig with RelabelConfig Keep action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: keep-action + action: Keep + sourceLabels: + - job + regex: ".*" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: keep-action + action: Keep + sourceLabels: + - job + regex: ".*" + - name: Should accept PrometheusConfig with RelabelConfig Drop action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: drop-action + action: Drop + sourceLabels: + - job + regex: ".*" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: drop-action + action: Drop + sourceLabels: + - job + regex: ".*" + - name: Should accept PrometheusConfig with RelabelConfig HashMod action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: hashmod-action + action: HashMod + sourceLabels: + - instance + hashMod: + targetLabel: shard + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: hashmod-action + action: HashMod + sourceLabels: + - instance + hashMod: + targetLabel: shard + - name: Should accept PrometheusConfig with RelabelConfig LabelMap action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: labelmap-action + action: LabelMap + regex: "k8s_(.*)" + labelMap: + replacement: "$1" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: labelmap-action + action: LabelMap + regex: "k8s_(.*)" + labelMap: + replacement: "$1" + - name: Should accept PrometheusConfig with RelabelConfig LabelDrop action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: labeldrop-action + action: LabelDrop + regex: ".*" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: labeldrop-action + action: LabelDrop + regex: ".*" + - name: Should accept PrometheusConfig with RelabelConfig LabelKeep action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: labelkeep-action + action: LabelKeep + regex: ".*" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: labelkeep-action + action: LabelKeep + regex: ".*" + - name: Should accept PrometheusConfig with RelabelConfig Lowercase action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: lowercase-action + action: Lowercase + sourceLabels: + - instance + lowercase: + targetLabel: instance_lower + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: lowercase-action + action: Lowercase + sourceLabels: + - instance + lowercase: + targetLabel: instance_lower + - name: Should accept PrometheusConfig with RelabelConfig Uppercase action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: uppercase-action + action: Uppercase + sourceLabels: + - instance + uppercase: + targetLabel: instance_upper + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: uppercase-action + action: Uppercase + sourceLabels: + - instance + uppercase: + targetLabel: instance_upper + - name: Should accept PrometheusConfig with RelabelConfig KeepEqual action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: keepequal-action + action: KeepEqual + sourceLabels: + - instance + keepEqual: + targetLabel: instance + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: keepequal-action + action: KeepEqual + sourceLabels: + - instance + keepEqual: + targetLabel: instance + - name: Should accept PrometheusConfig with RelabelConfig DropEqual action + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: dropequal-action + action: DropEqual + sourceLabels: + - instance + dropEqual: + targetLabel: instance + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: dropequal-action + action: DropEqual + sourceLabels: + - instance + dropEqual: + targetLabel: instance + - name: Should reject PrometheusConfig with invalid RelabelAction + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: invalid-action + action: InvalidAction + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "InvalidAction": spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action in body should be one of [Replace Keep Drop HashMod LabelMap LabelDrop LabelKeep Lowercase Uppercase KeepEqual DropEqual]' + - name: Should reject PrometheusConfig with Replace action missing replace config + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: replace-action + action: Replace + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with Replace action having wrong config type + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: replace-action + action: Replace + hashMod: + targetLabel: shard + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with HashMod action missing hashMod config + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: hashmod-action + action: HashMod + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with Lowercase action missing lowercase config + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: lowercase-action + action: Lowercase + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with Uppercase action missing uppercase config + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: uppercase-action + action: Uppercase + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with KeepEqual action missing keepEqual config + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: keepequal-action + action: KeepEqual + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with DropEqual action missing dropEqual config + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: dropequal-action + action: DropEqual + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with LabelMap action missing labelMap config + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: labelmap-action + action: LabelMap + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + - name: Should reject PrometheusConfig with RelabelConfig name missing + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - action: Keep + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Required value' + - name: Should reject PrometheusConfig with RelabelConfig name too long + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: "this-is-a-very-long-relabel-config-name-that-exceeds-the-maximum-length-of-63-characters-and-should-be-rejected" + action: Keep + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Too long: may not be more than 63 bytes' + - name: Should reject PrometheusConfig with RelabelConfig name invalid characters + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: "invalid@name" + action: Keep + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Invalid value: "invalid@name": must contain only alphanumeric characters, hyphens, and underscores' + - name: Should reject PrometheusConfig with RelabelConfig sourceLabels exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: relabel-config + action: Keep + sourceLabels: + - label1 + - label2 + - label3 + - label4 + - label5 + - label6 + - label7 + - label8 + - label9 + - label10 + - label11 + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].sourceLabels: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusConfig with RelabelConfig sourceLabels starting with __ + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: relabel-config + action: Keep + sourceLabels: + - __meta_kubernetes_pod_name + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].sourceLabels[0]: Invalid value: "__meta_kubernetes_pod_name": label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed' + - name: Should reject PrometheusConfig with RelabelConfig separator too long + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: relabel-config + action: Keep + separator: ";;;;;" + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].separator: Too long: may not be more than 5 bytes' + - name: Should reject PrometheusConfig with RelabelConfig regex exceeding max length + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: relabel-config + action: Keep + regex: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].regex: Too long: may not be more than 1000 bytes' + - name: Should reject PrometheusConfig with Replace action missing targetLabel + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: replace-action + action: Replace + replace: {} + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].replace.targetLabel: Required value' + - name: Should reject PrometheusConfig with Replace action targetLabel too long + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: replace-action + action: Replace + replace: + targetLabel: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].replace.targetLabel: Too long: may not be more than 128 bytes' + - name: Should reject PrometheusConfig with Replace action replacement too long + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: replace-action + action: Replace + replace: + targetLabel: instance + replacement: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].replace.replacement: Too long: may not be more than 255 bytes' + - name: Should reject PrometheusConfig with HashMod action missing targetLabel + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: hashmod-action + action: HashMod + hashMod: {} + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].hashMod.targetLabel: Required value' + - name: Should reject PrometheusConfig with writeRelabelConfigs duplicate names + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: relabel-config + action: Keep + - name: relabel-config + action: Drop + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[1]: Duplicate value: map[string]interface {}{"name":"relabel-config"}' + - name: Should reject PrometheusConfig with writeRelabelConfigs exceeding max items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: https://remote.example.com/write + writeRelabelConfigs: + - name: config1 + action: Keep + - name: config2 + action: Keep + - name: config3 + action: Keep + - name: config4 + action: Keep + - name: config5 + action: Keep + - name: config6 + action: Keep + - name: config7 + action: Keep + - name: config8 + action: Keep + - name: config9 + action: Keep + - name: config10 + action: Keep + - name: config11 + action: Keep + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs: Too many: 11: must have at most 10 items' \ No newline at end of file diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 12be65d713f..85bcf3982ab 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -529,10 +529,9 @@ type PrometheusConfig struct { // - Route different types of alerts to different teams or systems // - Integrate with existing enterprise alerting infrastructure // - Maintain separate alert routing for compliance or organizational requirements - // By default, no additional Alertmanager instances are configured. // When omitted, no additional Alertmanager instances are configured (default behavior). // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - // Each entry must have a unique name field, which serves as the map key for server-side apply. + // Each entry must have a unique name field. // +optional // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=10 @@ -753,7 +752,8 @@ type AdditionalAlertmanagerConfig struct { // +required StaticConfigs []string `json:"staticConfigs,omitempty"` // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - // When omitted, the default is 10 seconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 10 seconds. // Minimum value is 1 second. // Maximum value is 600 seconds (10 minutes). // +kubebuilder:validation:Minimum=1 @@ -803,7 +803,8 @@ type RemoteWriteSpec struct { // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" Name string `json:"name,omitempty"` // remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - // When omitted, the default is 30 seconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 30 seconds. // Minimum value is 1 second. // Maximum value is 600 seconds (10 minutes). // +kubebuilder:validation:Minimum=1 @@ -823,8 +824,9 @@ type RemoteWriteSpec struct { } // RelabelConfig represents a relabeling rule. -// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'HashMod', 'Lowercase', 'Uppercase', 'KeepEqual', 'DropEqual'] ? (has(self.targetLabel) && size(self.targetLabel) > 0) : !has(self.targetLabel)",message="targetLabel is required when action is Replace, HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'LabelMap'] || !has(self.replacement)",message="replacement is only valid when action is Replace or LabelMap" +// Exactly one action-specific configuration must be specified based on the action type. +// +kubebuilder:validation:XValidation:rule="(self.action == 'Replace' ? has(self.replace) : !has(self.replace)) && (self.action == 'HashMod' ? has(self.hashMod) : !has(self.hashMod)) && (self.action == 'Lowercase' ? has(self.lowercase) : !has(self.lowercase)) && (self.action == 'Uppercase' ? has(self.uppercase) : !has(self.uppercase)) && (self.action == 'KeepEqual' ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action == 'DropEqual' ? has(self.dropEqual) : !has(self.dropEqual)) && (self.action == 'LabelMap' ? has(self.labelMap) : !has(self.labelMap))",message="exactly one action-specific configuration must be specified and must match the action type" +// +union type RelabelConfig struct { // name is a unique identifier for this relabel configuration. // Must contain only alphanumeric characters, hyphens, and underscores. @@ -834,22 +836,27 @@ type RelabelConfig struct { // +kubebuilder:validation:MaxLength=63 // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" Name string `json:"name,omitempty"` + // sourceLabels specifies which label names to extract from each series for this relabeling rule. - // Each entry must be a valid label name (non-empty). // The values of these labels are joined together using the configured separator, - // and the resulting string is then matched against the regular expression for - // the replace, keep, or drop actions. + // and the resulting string is then matched against the regular expression. // If a referenced label does not exist on a series, Prometheus substitutes an empty string. // When omitted, the rule operates without extracting source labels (useful for actions like labelmap). // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. // Each entry must be unique. + // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + // Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). // +optional // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:items:MinLength=1 // +kubebuilder:validation:items:MaxLength=128 + // +kubebuilder:validation:items:XValidation:rule="!self.startsWith('__')",message="label names beginning with '__' (two underscores) are reserved for internal Prometheus use and are not allowed" // +listType=set SourceLabels []string `json:"sourceLabels,omitempty"` + // separator is the character sequence used to join source label values. // Common examples: ";", ",", "::", "|||". // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -859,6 +866,7 @@ type RelabelConfig struct { // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=5 Separator string `json:"separator,omitempty"` + // regex is the regular expression to match against the concatenated source label values. // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -868,13 +876,81 @@ type RelabelConfig struct { // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=1000 Regex string `json:"regex,omitempty"` - // targetLabel is the target label name where the result is written. - // Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - // Must be between 1 and 128 characters in length when specified. + + // action is the action to perform on the matched labels. + // Valid actions are: + // - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + // - Keep: Keeps only metrics where regex matches the source labels. + // - Drop: Drops metrics where regex matches the source labels. + // - HashMod: Sets targetLabel to the hash modulus of the source labels. + // - LabelMap: Copies labels matching regex to new label names derived from replacement. + // - LabelDrop: Drops labels matching regex. + // - LabelKeep: Keeps only labels matching regex. + // - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + // - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + // - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + // - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + // +required + // +unionDiscriminator + // +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep;Lowercase;Uppercase;KeepEqual;DropEqual + Action RelabelAction `json:"action,omitempty"` + + // replace configures the Replace action. + // Required when action is Replace. + // +unionMember + // +optional + Replace *ReplaceActionConfig `json:"replace,omitempty,omitzero"` + + // hashMod configures the HashMod action. + // Required when action is HashMod. + // +unionMember + // +optional + HashMod *HashModActionConfig `json:"hashMod,omitempty,omitzero"` + + // lowercase configures the Lowercase action. + // Required when action is Lowercase. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Lowercase *LowercaseActionConfig `json:"lowercase,omitempty,omitzero"` + + // uppercase configures the Uppercase action. + // Required when action is Uppercase. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Uppercase *UppercaseActionConfig `json:"uppercase,omitempty,omitzero"` + + // keepEqual configures the KeepEqual action. + // Required when action is KeepEqual. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + KeepEqual *KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"` + + // dropEqual configures the DropEqual action. + // Required when action is DropEqual. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + DropEqual *DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` + + // labelMap configures the LabelMap action. + // Required when action is LabelMap. + // +unionMember // +optional + LabelMap *LabelMapActionConfig `json:"labelMap,omitempty,omitzero"` +} + +// ReplaceActionConfig configures the Replace action. +type ReplaceActionConfig struct { + // targetLabel is the target label name where the result is written. + // Must be between 1 and 128 characters in length. + // +required // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 TargetLabel string `json:"targetLabel,omitempty"` + // replacement value against which a Replace action is performed if the // regular expression matches. Regex capture groups are available (e.g., $1, $2). // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -884,17 +960,72 @@ type RelabelConfig struct { // +optional // +kubebuilder:validation:MaxLength=255 Replacement *string `json:"replacement,omitempty"` - // action is the action to perform on the matched labels. - // Valid actions are: - // - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - // - Keep: Keeps only metrics where regex matches the source labels. - // - Drop: Drops metrics where regex matches the source labels. - // - HashMod: Sets targetLabel to the hash modulus of the source labels. - // - LabelMap: Copies labels matching regex to new label names derived from replacement. - // - LabelDrop: Drops labels matching regex. - // - LabelKeep: Keeps only labels matching regex. +} + +// HashModActionConfig configures the HashMod action. +type HashModActionConfig struct { + // targetLabel is the target label name where the result is written. + // Must be between 1 and 128 characters in length. // +required - Action RelabelAction `json:"action,omitempty"` + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// LowercaseActionConfig configures the Lowercase action. +// Requires Prometheus >= v2.36.0. +type LowercaseActionConfig struct { + // targetLabel is the target label name where the result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// UppercaseActionConfig configures the Uppercase action. +// Requires Prometheus >= v2.36.0. +type UppercaseActionConfig struct { + // targetLabel is the target label name where the result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// KeepEqualActionConfig configures the KeepEqual action. +// Requires Prometheus >= v2.41.0. +type KeepEqualActionConfig struct { + // targetLabel is the target label name where the result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// DropEqualActionConfig configures the DropEqual action. +// Requires Prometheus >= v2.41.0. +type DropEqualActionConfig struct { + // targetLabel is the target label name where the result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// LabelMapActionConfig configures the LabelMap action. +type LabelMapActionConfig struct { + // replacement value used to derive new label names from labels matching the regex. + // Regex capture groups are available (e.g., $1, $2). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "$1" (the first capture group). + // Must be at most 255 characters in length. + // +optional + // +kubebuilder:validation:MaxLength=255 + Replacement *string `json:"replacement,omitempty"` } // TLSConfig represents TLS configuration for Alertmanager connections. @@ -944,29 +1075,26 @@ const ( ) // AuthorizationType defines the type of authentication to use. -// +kubebuilder:validation:Enum=None;BearerToken +// +kubebuilder:validation:Enum=BearerToken type AuthorizationType string const ( - // AuthorizationTypeNone indicates no authentication. - AuthorizationTypeNone AuthorizationType = "None" // AuthorizationTypeBearerToken indicates bearer token authentication. AuthorizationTypeBearerToken AuthorizationType = "BearerToken" ) // AuthorizationConfig defines the authentication method for Alertmanager connections. -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken" // +union type AuthorizationConfig struct { // type specifies the authentication type to use. - // Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - // When set to None, no authentication credentials are sent. + // Valid value is "BearerToken" (bearer token authentication). // When set to BearerToken, the bearerToken field must be specified. // +unionDiscriminator // +required Type AuthorizationType `json:"type,omitempty"` // bearerToken defines the secret reference containing the bearer token. - // Required when type is "BearerToken", forbidden otherwise. + // Required when type is "BearerToken". // The secret must exist in the openshift-monitoring namespace. // +optional BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` @@ -1019,7 +1147,7 @@ type Retention struct { } // RelabelAction defines the action to perform in a relabeling rule. -// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep +// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep;Lowercase;Uppercase;KeepEqual;DropEqual type RelabelAction string const ( @@ -1037,6 +1165,14 @@ const ( RelabelActionLabelDrop RelabelAction = "LabelDrop" // RelabelActionLabelKeep removes labels that do not match the regex. RelabelActionLabelKeep RelabelAction = "LabelKeep" + // RelabelActionLowercase converts the target label value to lowercase. + RelabelActionLowercase RelabelAction = "Lowercase" + // RelabelActionUppercase converts the target label value to uppercase. + RelabelActionUppercase RelabelAction = "Uppercase" + // RelabelActionKeepEqual keeps metrics where the source label value equals the target label value. + RelabelActionKeepEqual RelabelAction = "KeepEqual" + // RelabelActionDropEqual drops metrics where the source label value equals the target label value. + RelabelActionDropEqual RelabelAction = "DropEqual" ) // CollectionProfile defines the metrics collection profile for Prometheus. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 0428b19497a..e52f1b881bc 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1307,10 +1307,9 @@ spec: - Route different types of alerts to different teams or systems - Integrate with existing enterprise alerting infrastructure - Maintain separate alert routing for compliance or organizational requirements - By default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - Each entry must have a unique name field, which serves as the map key for server-side apply. + Each entry must have a unique name field. items: description: |- AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. @@ -1325,7 +1324,7 @@ spec: bearerToken: description: |- bearerToken defines the secret reference containing the bearer token. - Required when type is "BearerToken", forbidden otherwise. + Required when type is "BearerToken". The secret must exist in the openshift-monitoring namespace. properties: key: @@ -1361,19 +1360,16 @@ spec: type: description: |- type specifies the authentication type to use. - Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - When set to None, no authentication credentials are sent. + Valid value is "BearerToken" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified. enum: - - None - BearerToken type: string required: - type type: object x-kubernetes-validations: - - message: bearerToken is required when type is BearerToken, - and forbidden otherwise + - message: bearerToken is required when type is BearerToken rule: 'has(self.type) && self.type == ''BearerToken'' ? has(self.bearerToken) : !has(self.bearerToken)' name: @@ -1448,7 +1444,8 @@ spec: timeoutSeconds: description: |- timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - When omitted, the default is 10 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1763,7 +1760,8 @@ spec: remoteTimeoutSeconds: description: |- remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - When omitted, the default is 30 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1789,9 +1787,36 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: RelabelConfig represents a relabeling rule. + description: |- + RelabelConfig represents a relabeling rule. + Exactly one action-specific configuration must be specified based on the action type. properties: action: + allOf: + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1802,15 +1827,89 @@ spec: - LabelMap: Copies labels matching regex to new label names derived from replacement. - LabelDrop: Drops labels matching regex. - LabelKeep: Keeps only labels matching regex. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. type: string + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when action is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when action is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when action is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when action is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when action is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object name: description: |- name is a unique identifier for this relabel configuration. @@ -1833,16 +1932,31 @@ spec: maxLength: 1000 minLength: 1 type: string - replacement: + replace: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string + replace configures the Replace action. + Required when action is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object separator: description: |- separator is the character sequence used to join source label values. @@ -1856,44 +1970,62 @@ spec: sourceLabels: description: |- sourceLabels specifies which label names to extract from each series for this relabeling rule. - Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, - and the resulting string is then matched against the regular expression for - the replace, keep, or drop actions. + and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: maxLength: 128 minLength: 1 type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' maxItems: 10 minItems: 1 type: array x-kubernetes-list-type: set - targetLabel: + uppercase: description: |- - targetLabel is the target label name where the result is written. - Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - Must be between 1 and 128 characters in length when specified. - maxLength: 128 - minLength: 1 - type: string + uppercase configures the Uppercase action. + Required when action is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - action - name type: object x-kubernetes-validations: - - message: targetLabel is required when action is Replace, - HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, - and forbidden otherwise - rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', - ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) - && size(self.targetLabel) > 0) : !has(self.targetLabel)' - - message: replacement is only valid when action is Replace - or LabelMap - rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + - message: exactly one action-specific configuration must + be specified and must match the action type + rule: '(self.action == ''Replace'' ? has(self.replace) + : !has(self.replace)) && (self.action == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)) && (self.action + == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) + && (self.action == ''Uppercase'' ? has(self.uppercase) + : !has(self.uppercase)) && (self.action == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action + == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) + && (self.action == ''LabelMap'' ? has(self.labelMap) + : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 4c166e1b8bb..f355a4bbe88 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1307,10 +1307,9 @@ spec: - Route different types of alerts to different teams or systems - Integrate with existing enterprise alerting infrastructure - Maintain separate alert routing for compliance or organizational requirements - By default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - Each entry must have a unique name field, which serves as the map key for server-side apply. + Each entry must have a unique name field. items: description: |- AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. @@ -1325,7 +1324,7 @@ spec: bearerToken: description: |- bearerToken defines the secret reference containing the bearer token. - Required when type is "BearerToken", forbidden otherwise. + Required when type is "BearerToken". The secret must exist in the openshift-monitoring namespace. properties: key: @@ -1361,19 +1360,16 @@ spec: type: description: |- type specifies the authentication type to use. - Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - When set to None, no authentication credentials are sent. + Valid value is "BearerToken" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified. enum: - - None - BearerToken type: string required: - type type: object x-kubernetes-validations: - - message: bearerToken is required when type is BearerToken, - and forbidden otherwise + - message: bearerToken is required when type is BearerToken rule: 'has(self.type) && self.type == ''BearerToken'' ? has(self.bearerToken) : !has(self.bearerToken)' name: @@ -1448,7 +1444,8 @@ spec: timeoutSeconds: description: |- timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - When omitted, the default is 10 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1763,7 +1760,8 @@ spec: remoteTimeoutSeconds: description: |- remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - When omitted, the default is 30 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1789,9 +1787,36 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: RelabelConfig represents a relabeling rule. + description: |- + RelabelConfig represents a relabeling rule. + Exactly one action-specific configuration must be specified based on the action type. properties: action: + allOf: + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1802,15 +1827,89 @@ spec: - LabelMap: Copies labels matching regex to new label names derived from replacement. - LabelDrop: Drops labels matching regex. - LabelKeep: Keeps only labels matching regex. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. type: string + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when action is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when action is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when action is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when action is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when action is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object name: description: |- name is a unique identifier for this relabel configuration. @@ -1833,16 +1932,31 @@ spec: maxLength: 1000 minLength: 1 type: string - replacement: + replace: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string + replace configures the Replace action. + Required when action is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object separator: description: |- separator is the character sequence used to join source label values. @@ -1856,44 +1970,62 @@ spec: sourceLabels: description: |- sourceLabels specifies which label names to extract from each series for this relabeling rule. - Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, - and the resulting string is then matched against the regular expression for - the replace, keep, or drop actions. + and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: maxLength: 128 minLength: 1 type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' maxItems: 10 minItems: 1 type: array x-kubernetes-list-type: set - targetLabel: + uppercase: description: |- - targetLabel is the target label name where the result is written. - Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - Must be between 1 and 128 characters in length when specified. - maxLength: 128 - minLength: 1 - type: string + uppercase configures the Uppercase action. + Required when action is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - action - name type: object x-kubernetes-validations: - - message: targetLabel is required when action is Replace, - HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, - and forbidden otherwise - rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', - ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) - && size(self.targetLabel) > 0) : !has(self.targetLabel)' - - message: replacement is only valid when action is Replace - or LabelMap - rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + - message: exactly one action-specific configuration must + be specified and must match the action type + rule: '(self.action == ''Replace'' ? has(self.replace) + : !has(self.replace)) && (self.action == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)) && (self.action + == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) + && (self.action == ''Uppercase'' ? has(self.uppercase) + : !has(self.uppercase)) && (self.action == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action + == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) + && (self.action == ''LabelMap'' ? has(self.labelMap) + : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 99b6a734fc4..66122f41119 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1307,10 +1307,9 @@ spec: - Route different types of alerts to different teams or systems - Integrate with existing enterprise alerting infrastructure - Maintain separate alert routing for compliance or organizational requirements - By default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - Each entry must have a unique name field, which serves as the map key for server-side apply. + Each entry must have a unique name field. items: description: |- AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. @@ -1325,7 +1324,7 @@ spec: bearerToken: description: |- bearerToken defines the secret reference containing the bearer token. - Required when type is "BearerToken", forbidden otherwise. + Required when type is "BearerToken". The secret must exist in the openshift-monitoring namespace. properties: key: @@ -1361,19 +1360,16 @@ spec: type: description: |- type specifies the authentication type to use. - Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - When set to None, no authentication credentials are sent. + Valid value is "BearerToken" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified. enum: - - None - BearerToken type: string required: - type type: object x-kubernetes-validations: - - message: bearerToken is required when type is BearerToken, - and forbidden otherwise + - message: bearerToken is required when type is BearerToken rule: 'has(self.type) && self.type == ''BearerToken'' ? has(self.bearerToken) : !has(self.bearerToken)' name: @@ -1448,7 +1444,8 @@ spec: timeoutSeconds: description: |- timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - When omitted, the default is 10 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1763,7 +1760,8 @@ spec: remoteTimeoutSeconds: description: |- remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - When omitted, the default is 30 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1789,9 +1787,36 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: RelabelConfig represents a relabeling rule. + description: |- + RelabelConfig represents a relabeling rule. + Exactly one action-specific configuration must be specified based on the action type. properties: action: + allOf: + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1802,15 +1827,89 @@ spec: - LabelMap: Copies labels matching regex to new label names derived from replacement. - LabelDrop: Drops labels matching regex. - LabelKeep: Keeps only labels matching regex. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. type: string + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when action is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when action is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when action is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when action is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when action is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object name: description: |- name is a unique identifier for this relabel configuration. @@ -1833,16 +1932,31 @@ spec: maxLength: 1000 minLength: 1 type: string - replacement: + replace: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string + replace configures the Replace action. + Required when action is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object separator: description: |- separator is the character sequence used to join source label values. @@ -1856,44 +1970,62 @@ spec: sourceLabels: description: |- sourceLabels specifies which label names to extract from each series for this relabeling rule. - Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, - and the resulting string is then matched against the regular expression for - the replace, keep, or drop actions. + and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: maxLength: 128 minLength: 1 type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' maxItems: 10 minItems: 1 type: array x-kubernetes-list-type: set - targetLabel: + uppercase: description: |- - targetLabel is the target label name where the result is written. - Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - Must be between 1 and 128 characters in length when specified. - maxLength: 128 - minLength: 1 - type: string + uppercase configures the Uppercase action. + Required when action is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - action - name type: object x-kubernetes-validations: - - message: targetLabel is required when action is Replace, - HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, - and forbidden otherwise - rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', - ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) - && size(self.targetLabel) > 0) : !has(self.targetLabel)' - - message: replacement is only valid when action is Replace - or LabelMap - rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + - message: exactly one action-specific configuration must + be specified and must match the action type + rule: '(self.action == ''Replace'' ? has(self.replace) + : !has(self.replace)) && (self.action == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)) && (self.action + == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) + && (self.action == ''Uppercase'' ? has(self.uppercase) + : !has(self.uppercase)) && (self.action == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action + == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) + && (self.action == ''LabelMap'' ? has(self.labelMap) + : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index 22d7c682be5..77c79227180 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -563,6 +563,22 @@ func (in *ContainerResource) DeepCopy() *ContainerResource { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DropEqualActionConfig) DeepCopyInto(out *DropEqualActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DropEqualActionConfig. +func (in *DropEqualActionConfig) DeepCopy() *DropEqualActionConfig { + if in == nil { + return nil + } + out := new(DropEqualActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EtcdBackupSpec) DeepCopyInto(out *EtcdBackupSpec) { *out = *in @@ -606,6 +622,22 @@ func (in *GatherConfig) DeepCopy() *GatherConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HashModActionConfig) DeepCopyInto(out *HashModActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashModActionConfig. +func (in *HashModActionConfig) DeepCopy() *HashModActionConfig { + if in == nil { + return nil + } + out := new(HashModActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePolicy) DeepCopyInto(out *ImagePolicy) { *out = *in @@ -904,6 +936,22 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeepEqualActionConfig) DeepCopyInto(out *KeepEqualActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeepEqualActionConfig. +func (in *KeepEqualActionConfig) DeepCopy() *KeepEqualActionConfig { + if in == nil { + return nil + } + out := new(KeepEqualActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Label) DeepCopyInto(out *Label) { *out = *in @@ -920,6 +968,43 @@ func (in *Label) DeepCopy() *Label { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LabelMapActionConfig) DeepCopyInto(out *LabelMapActionConfig) { + *out = *in + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelMapActionConfig. +func (in *LabelMapActionConfig) DeepCopy() *LabelMapActionConfig { + if in == nil { + return nil + } + out := new(LabelMapActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LowercaseActionConfig) DeepCopyInto(out *LowercaseActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LowercaseActionConfig. +func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { + if in == nil { + return nil + } + out := new(LowercaseActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { *out = *in @@ -1240,11 +1325,41 @@ func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.Replacement != nil { - in, out := &in.Replacement, &out.Replacement - *out = new(string) + if in.Replace != nil { + in, out := &in.Replace, &out.Replace + *out = new(ReplaceActionConfig) + (*in).DeepCopyInto(*out) + } + if in.HashMod != nil { + in, out := &in.HashMod, &out.HashMod + *out = new(HashModActionConfig) + **out = **in + } + if in.Lowercase != nil { + in, out := &in.Lowercase, &out.Lowercase + *out = new(LowercaseActionConfig) + **out = **in + } + if in.Uppercase != nil { + in, out := &in.Uppercase, &out.Uppercase + *out = new(UppercaseActionConfig) + **out = **in + } + if in.KeepEqual != nil { + in, out := &in.KeepEqual, &out.KeepEqual + *out = new(KeepEqualActionConfig) **out = **in } + if in.DropEqual != nil { + in, out := &in.DropEqual, &out.DropEqual + *out = new(DropEqualActionConfig) + **out = **in + } + if in.LabelMap != nil { + in, out := &in.LabelMap, &out.LabelMap + *out = new(LabelMapActionConfig) + (*in).DeepCopyInto(*out) + } return } @@ -1281,6 +1396,27 @@ func (in *RemoteWriteSpec) DeepCopy() *RemoteWriteSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplaceActionConfig) DeepCopyInto(out *ReplaceActionConfig) { + *out = *in + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplaceActionConfig. +func (in *ReplaceActionConfig) DeepCopy() *ReplaceActionConfig { + if in == nil { + return nil + } + out := new(ReplaceActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Retention) DeepCopyInto(out *Retention) { *out = *in @@ -1411,6 +1547,22 @@ func (in *TLSConfig) DeepCopy() *TLSConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UppercaseActionConfig) DeepCopyInto(out *UppercaseActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UppercaseActionConfig. +func (in *UppercaseActionConfig) DeepCopy() *UppercaseActionConfig { + if in == nil { + return nil + } + out := new(UppercaseActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 00031d7ffe8..ab6cf0bc3e6 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1307,10 +1307,9 @@ spec: - Route different types of alerts to different teams or systems - Integrate with existing enterprise alerting infrastructure - Maintain separate alert routing for compliance or organizational requirements - By default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - Each entry must have a unique name field, which serves as the map key for server-side apply. + Each entry must have a unique name field. items: description: |- AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. @@ -1325,7 +1324,7 @@ spec: bearerToken: description: |- bearerToken defines the secret reference containing the bearer token. - Required when type is "BearerToken", forbidden otherwise. + Required when type is "BearerToken". The secret must exist in the openshift-monitoring namespace. properties: key: @@ -1361,19 +1360,16 @@ spec: type: description: |- type specifies the authentication type to use. - Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - When set to None, no authentication credentials are sent. + Valid value is "BearerToken" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified. enum: - - None - BearerToken type: string required: - type type: object x-kubernetes-validations: - - message: bearerToken is required when type is BearerToken, - and forbidden otherwise + - message: bearerToken is required when type is BearerToken rule: 'has(self.type) && self.type == ''BearerToken'' ? has(self.bearerToken) : !has(self.bearerToken)' name: @@ -1448,7 +1444,8 @@ spec: timeoutSeconds: description: |- timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - When omitted, the default is 10 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1763,7 +1760,8 @@ spec: remoteTimeoutSeconds: description: |- remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - When omitted, the default is 30 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1789,9 +1787,36 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: RelabelConfig represents a relabeling rule. + description: |- + RelabelConfig represents a relabeling rule. + Exactly one action-specific configuration must be specified based on the action type. properties: action: + allOf: + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1802,15 +1827,89 @@ spec: - LabelMap: Copies labels matching regex to new label names derived from replacement. - LabelDrop: Drops labels matching regex. - LabelKeep: Keeps only labels matching regex. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. type: string + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when action is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when action is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when action is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when action is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when action is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object name: description: |- name is a unique identifier for this relabel configuration. @@ -1833,16 +1932,31 @@ spec: maxLength: 1000 minLength: 1 type: string - replacement: + replace: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string + replace configures the Replace action. + Required when action is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object separator: description: |- separator is the character sequence used to join source label values. @@ -1856,44 +1970,62 @@ spec: sourceLabels: description: |- sourceLabels specifies which label names to extract from each series for this relabeling rule. - Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, - and the resulting string is then matched against the regular expression for - the replace, keep, or drop actions. + and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: maxLength: 128 minLength: 1 type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' maxItems: 10 minItems: 1 type: array x-kubernetes-list-type: set - targetLabel: + uppercase: description: |- - targetLabel is the target label name where the result is written. - Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - Must be between 1 and 128 characters in length when specified. - maxLength: 128 - minLength: 1 - type: string + uppercase configures the Uppercase action. + Required when action is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - action - name type: object x-kubernetes-validations: - - message: targetLabel is required when action is Replace, - HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, - and forbidden otherwise - rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', - ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) - && size(self.targetLabel) > 0) : !has(self.targetLabel)' - - message: replacement is only valid when action is Replace - or LabelMap - rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + - message: exactly one action-specific configuration must + be specified and must match the action type + rule: '(self.action == ''Replace'' ? has(self.replace) + : !has(self.replace)) && (self.action == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)) && (self.action + == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) + && (self.action == ''Uppercase'' ? has(self.uppercase) + : !has(self.uppercase)) && (self.action == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action + == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) + && (self.action == ''LabelMap'' ? has(self.labelMap) + : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 2f76f6b8f12..d60044cbe7a 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -125,7 +125,7 @@ var map_AdditionalAlertmanagerConfig = map[string]string{ "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", - "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } @@ -169,8 +169,8 @@ func (Audit) SwaggerDoc() map[string]string { var map_AuthorizationConfig = map[string]string{ "": "AuthorizationConfig defines the authentication method for Alertmanager connections.", - "type": "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", - "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "type": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\". The secret must exist in the openshift-monitoring namespace.", } func (AuthorizationConfig) SwaggerDoc() map[string]string { @@ -230,6 +230,33 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_DropEqualActionConfig = map[string]string{ + "": "DropEqualActionConfig configures the DropEqual action. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", +} + +func (DropEqualActionConfig) SwaggerDoc() map[string]string { + return map_DropEqualActionConfig +} + +var map_HashModActionConfig = map[string]string{ + "": "HashModActionConfig configures the HashMod action.", + "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", +} + +func (HashModActionConfig) SwaggerDoc() map[string]string { + return map_HashModActionConfig +} + +var map_KeepEqualActionConfig = map[string]string{ + "": "KeepEqualActionConfig configures the KeepEqual action. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", +} + +func (KeepEqualActionConfig) SwaggerDoc() map[string]string { + return map_KeepEqualActionConfig +} + var map_Label = map[string]string{ "": "Label represents a key/value pair for external labels.", "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", @@ -240,6 +267,24 @@ func (Label) SwaggerDoc() map[string]string { return map_Label } +var map_LabelMapActionConfig = map[string]string{ + "": "LabelMapActionConfig configures the LabelMap action.", + "replacement": "replacement value used to derive new label names from labels matching the regex. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", +} + +func (LabelMapActionConfig) SwaggerDoc() map[string]string { + return map_LabelMapActionConfig +} + +var map_LowercaseActionConfig = map[string]string{ + "": "LowercaseActionConfig configures the Lowercase action. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", +} + +func (LowercaseActionConfig) SwaggerDoc() map[string]string { + return map_LowercaseActionConfig +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", @@ -256,7 +301,7 @@ func (MetricsServerConfig) SwaggerDoc() map[string]string { var map_PrometheusConfig = map[string]string{ "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", - "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field.", "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", @@ -289,14 +334,19 @@ func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { } var map_RelabelConfig = map[string]string{ - "": "RelabelConfig represents a relabeling rule.", + "": "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", - "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique.", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", "separator": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", - "targetLabel": "targetLabel is the target label name where the result is written. Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. Must be between 1 and 128 characters in length when specified.", - "replacement": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", - "action": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", + "action": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", + "replace": "replace configures the Replace action. Required when action is Replace.", + "hashMod": "hashMod configures the HashMod action. Required when action is HashMod.", + "lowercase": "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", + "uppercase": "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", + "keepEqual": "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", + "dropEqual": "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", + "labelMap": "labelMap configures the LabelMap action. Required when action is LabelMap.", } func (RelabelConfig) SwaggerDoc() map[string]string { @@ -307,7 +357,7 @@ var map_RemoteWriteSpec = map[string]string{ "": "RemoteWriteSpec represents configuration for remote write endpoints.", "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", "name": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", - "remoteTimeoutSeconds": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "remoteTimeoutSeconds": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", } @@ -315,6 +365,16 @@ func (RemoteWriteSpec) SwaggerDoc() map[string]string { return map_RemoteWriteSpec } +var map_ReplaceActionConfig = map[string]string{ + "": "ReplaceActionConfig configures the Replace action.", + "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "replacement": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", +} + +func (ReplaceActionConfig) SwaggerDoc() map[string]string { + return map_ReplaceActionConfig +} + var map_Retention = map[string]string{ "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", "durationInDays": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", @@ -348,6 +408,15 @@ func (TLSConfig) SwaggerDoc() map[string]string { return map_TLSConfig } +var map_UppercaseActionConfig = map[string]string{ + "": "UppercaseActionConfig configures the Uppercase action. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", +} + +func (UppercaseActionConfig) SwaggerDoc() map[string]string { + return map_UppercaseActionConfig +} + var map_UserDefinedMonitoring = map[string]string{ "": "UserDefinedMonitoring config for user-defined projects.", "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 44ed15f3491..2ed11df7323 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -467,8 +467,10 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec": schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref), "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus": schema_openshift_api_config_v1alpha1_ClusterMonitoringStatus(ref), "github.com/openshift/api/config/v1alpha1.ContainerResource": schema_openshift_api_config_v1alpha1_ContainerResource(ref), + "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig": schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref), "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec": schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref), "github.com/openshift/api/config/v1alpha1.GatherConfig": schema_openshift_api_config_v1alpha1_GatherConfig(ref), + "github.com/openshift/api/config/v1alpha1.HashModActionConfig": schema_openshift_api_config_v1alpha1_HashModActionConfig(ref), "github.com/openshift/api/config/v1alpha1.ImagePolicy": schema_openshift_api_config_v1alpha1_ImagePolicy(ref), "github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), "github.com/openshift/api/config/v1alpha1.ImagePolicyList": schema_openshift_api_config_v1alpha1_ImagePolicyList(ref), @@ -481,7 +483,10 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig": schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref), "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), + "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig": schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig": schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref), "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), "github.com/openshift/api/config/v1alpha1.PKICertificateSubject": schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref), "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), @@ -495,6 +500,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), + "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig": schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref), "github.com/openshift/api/config/v1alpha1.Retention": schema_openshift_api_config_v1alpha1_Retention(ref), "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), @@ -502,6 +508,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.SecretKeySelector": schema_openshift_api_config_v1alpha1_SecretKeySelector(ref), "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), "github.com/openshift/api/config/v1alpha1.TLSConfig": schema_openshift_api_config_v1alpha1_TLSConfig(ref), + "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig": schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref), "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), "github.com/openshift/api/config/v1alpha2.Custom": schema_openshift_api_config_v1alpha2_Custom(ref), "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), @@ -22387,7 +22394,7 @@ func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref commo }, "timeoutSeconds": { SchemaProps: spec.SchemaProps{ - Description: "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Description: "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", Type: []string{"integer"}, Format: "int32", }, @@ -22596,14 +22603,14 @@ func schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref common.Referen Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + Description: "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", Type: []string{"string"}, Format: "", }, }, "bearerToken": { SchemaProps: spec.SchemaProps{ - Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\". The secret must exist in the openshift-monitoring namespace.", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), }, @@ -23309,6 +23316,27 @@ func schema_openshift_api_config_v1alpha1_ContainerResource(ref common.Reference } } +func schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DropEqualActionConfig configures the DropEqual action. Requires Prometheus >= v2.41.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -23398,6 +23426,27 @@ func schema_openshift_api_config_v1alpha1_GatherConfig(ref common.ReferenceCallb } } +func schema_openshift_api_config_v1alpha1_HashModActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "HashModActionConfig configures the HashMod action.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_ImagePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -23842,6 +23891,27 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.Re } } +func schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KeepEqualActionConfig configures the KeepEqual action. Requires Prometheus >= v2.41.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -23870,6 +23940,47 @@ func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) co } } +func schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "LabelMapActionConfig configures the LabelMap action.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "replacement": { + SchemaProps: spec.SchemaProps{ + Description: "replacement value used to derive new label names from labels matching the regex. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "LowercaseActionConfig configures the Lowercase action. Requires Prometheus >= v2.36.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24260,7 +24371,7 @@ func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceC }, }, SchemaProps: spec.SchemaProps{ - Description: "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + Description: "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -24551,7 +24662,7 @@ func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCall return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RelabelConfig represents a relabeling rule.", + Description: "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "name": { @@ -24568,7 +24679,7 @@ func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCall }, }, SchemaProps: spec.SchemaProps{ - Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique.", + Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -24595,31 +24706,83 @@ func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCall Format: "", }, }, - "targetLabel": { + "action": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. Must be between 1 and 128 characters in length when specified.", + Description: "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", Type: []string{"string"}, Format: "", }, }, - "replacement": { + "replace": { SchemaProps: spec.SchemaProps{ - Description: "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", - Type: []string{"string"}, - Format: "", + Description: "replace configures the Replace action. Required when action is Replace.", + Ref: ref("github.com/openshift/api/config/v1alpha1.ReplaceActionConfig"), }, }, - "action": { + "hashMod": { SchemaProps: spec.SchemaProps{ - Description: "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", - Type: []string{"string"}, - Format: "", + Description: "hashMod configures the HashMod action. Required when action is HashMod.", + Ref: ref("github.com/openshift/api/config/v1alpha1.HashModActionConfig"), + }, + }, + "lowercase": { + SchemaProps: spec.SchemaProps{ + Description: "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", + Ref: ref("github.com/openshift/api/config/v1alpha1.LowercaseActionConfig"), + }, + }, + "uppercase": { + SchemaProps: spec.SchemaProps{ + Description: "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", + Ref: ref("github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"), + }, + }, + "keepEqual": { + SchemaProps: spec.SchemaProps{ + Description: "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", + Ref: ref("github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig"), + }, + }, + "dropEqual": { + SchemaProps: spec.SchemaProps{ + Description: "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", + Ref: ref("github.com/openshift/api/config/v1alpha1.DropEqualActionConfig"), + }, + }, + "labelMap": { + SchemaProps: spec.SchemaProps{ + Description: "labelMap configures the LabelMap action. Required when action is LabelMap.", + Ref: ref("github.com/openshift/api/config/v1alpha1.LabelMapActionConfig"), }, }, }, Required: []string{"name", "action"}, }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "action", + "fields-to-discriminateBy": map[string]interface{}{ + "dropEqual": "DropEqual", + "hashMod": "HashMod", + "keepEqual": "KeepEqual", + "labelMap": "LabelMap", + "lowercase": "Lowercase", + "name": "Name", + "regex": "Regex", + "replace": "Replace", + "separator": "Separator", + "sourceLabels": "SourceLabels", + "uppercase": "Uppercase", + }, + }, + }, + }, + }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig", "github.com/openshift/api/config/v1alpha1.HashModActionConfig", "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig", "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig", "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig", "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig", "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"}, } } @@ -24646,7 +24809,7 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa }, "remoteTimeoutSeconds": { SchemaProps: spec.SchemaProps{ - Description: "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Description: "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", Type: []string{"integer"}, Format: "int32", }, @@ -24682,6 +24845,34 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa } } +func schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ReplaceActionConfig configures the Replace action.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "replacement": { + SchemaProps: spec.SchemaProps{ + Description: "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_Retention(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24916,6 +25107,27 @@ func schema_openshift_api_config_v1alpha1_TLSConfig(ref common.ReferenceCallback } } +func schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UppercaseActionConfig configures the Uppercase action. Requires Prometheus >= v2.36.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index d45c89e6172..705ae4df169 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -12196,7 +12196,7 @@ "x-kubernetes-list-type": "set" }, "timeoutSeconds": { - "description": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "description": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", "type": "integer", "format": "int32" }, @@ -12311,12 +12311,12 @@ ], "properties": { "bearerToken": { - "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\". The secret must exist in the openshift-monitoring namespace.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, "type": { - "description": "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + "description": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", "type": "string" } }, @@ -12620,6 +12620,19 @@ } } }, + "com.github.openshift.api.config.v1alpha1.DropEqualActionConfig": { + "description": "DropEqualActionConfig configures the DropEqual action. Requires Prometheus >= v2.41.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.EtcdBackupSpec": { "description": "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", "type": "object", @@ -12668,6 +12681,19 @@ } } }, + "com.github.openshift.api.config.v1alpha1.HashModActionConfig": { + "description": "HashModActionConfig configures the HashMod action.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.ImagePolicy": { "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -12935,6 +12961,19 @@ "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { "type": "object" }, + "com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig": { + "description": "KeepEqualActionConfig configures the KeepEqual action. Requires Prometheus >= v2.41.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.Label": { "description": "Label represents a key/value pair for external labels.", "type": "object", @@ -12953,6 +12992,29 @@ } } }, + "com.github.openshift.api.config.v1alpha1.LabelMapActionConfig": { + "description": "LabelMapActionConfig configures the LabelMap action.", + "type": "object", + "properties": { + "replacement": { + "description": "replacement value used to derive new label names from labels matching the regex. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.LowercaseActionConfig": { + "description": "LowercaseActionConfig configures the Lowercase action. Requires Prometheus >= v2.36.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "type": "object", @@ -13180,7 +13242,7 @@ "type": "object", "properties": { "additionalAlertmanagerConfigs": { - "description": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + "description": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field.", "type": "array", "items": { "default": {}, @@ -13286,7 +13348,7 @@ } }, "com.github.openshift.api.config.v1alpha1.RelabelConfig": { - "description": "RelabelConfig represents a relabeling rule.", + "description": "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", "type": "object", "required": [ "name", @@ -13294,9 +13356,29 @@ ], "properties": { "action": { - "description": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", + "description": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", "type": "string" }, + "dropEqual": { + "description": "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DropEqualActionConfig" + }, + "hashMod": { + "description": "hashMod configures the HashMod action. Required when action is HashMod.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.HashModActionConfig" + }, + "keepEqual": { + "description": "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig" + }, + "labelMap": { + "description": "labelMap configures the LabelMap action. Required when action is LabelMap.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LabelMapActionConfig" + }, + "lowercase": { + "description": "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LowercaseActionConfig" + }, "name": { "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", "type": "string" @@ -13305,16 +13387,16 @@ "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", "type": "string" }, - "replacement": { - "description": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", - "type": "string" + "replace": { + "description": "replace configures the Replace action. Required when action is Replace.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" }, "separator": { "description": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", "type": "string" }, "sourceLabels": { - "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique.", + "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", "type": "array", "items": { "type": "string", @@ -13322,11 +13404,29 @@ }, "x-kubernetes-list-type": "set" }, - "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. Must be between 1 and 128 characters in length when specified.", - "type": "string" + "uppercase": { + "description": "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UppercaseActionConfig" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "action", + "fields-to-discriminateBy": { + "dropEqual": "DropEqual", + "hashMod": "HashMod", + "keepEqual": "KeepEqual", + "labelMap": "LabelMap", + "lowercase": "Lowercase", + "name": "Name", + "regex": "Regex", + "replace": "Replace", + "separator": "Separator", + "sourceLabels": "SourceLabels", + "uppercase": "Uppercase" + } + } + ] }, "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec": { "description": "RemoteWriteSpec represents configuration for remote write endpoints.", @@ -13340,7 +13440,7 @@ "type": "string" }, "remoteTimeoutSeconds": { - "description": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "description": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", "type": "integer", "format": "int32" }, @@ -13362,6 +13462,23 @@ } } }, + "com.github.openshift.api.config.v1alpha1.ReplaceActionConfig": { + "description": "ReplaceActionConfig configures the Replace action.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "replacement": { + "description": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + "type": "string" + }, + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.Retention": { "description": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", "type": "object", @@ -13509,6 +13626,19 @@ } } }, + "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig": { + "description": "UppercaseActionConfig configures the Uppercase action. Requires Prometheus >= v2.36.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { "description": "UserDefinedMonitoring config for user-defined projects.", "type": "object", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 0428b19497a..e52f1b881bc 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1307,10 +1307,9 @@ spec: - Route different types of alerts to different teams or systems - Integrate with existing enterprise alerting infrastructure - Maintain separate alert routing for compliance or organizational requirements - By default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - Each entry must have a unique name field, which serves as the map key for server-side apply. + Each entry must have a unique name field. items: description: |- AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. @@ -1325,7 +1324,7 @@ spec: bearerToken: description: |- bearerToken defines the secret reference containing the bearer token. - Required when type is "BearerToken", forbidden otherwise. + Required when type is "BearerToken". The secret must exist in the openshift-monitoring namespace. properties: key: @@ -1361,19 +1360,16 @@ spec: type: description: |- type specifies the authentication type to use. - Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - When set to None, no authentication credentials are sent. + Valid value is "BearerToken" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified. enum: - - None - BearerToken type: string required: - type type: object x-kubernetes-validations: - - message: bearerToken is required when type is BearerToken, - and forbidden otherwise + - message: bearerToken is required when type is BearerToken rule: 'has(self.type) && self.type == ''BearerToken'' ? has(self.bearerToken) : !has(self.bearerToken)' name: @@ -1448,7 +1444,8 @@ spec: timeoutSeconds: description: |- timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - When omitted, the default is 10 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1763,7 +1760,8 @@ spec: remoteTimeoutSeconds: description: |- remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - When omitted, the default is 30 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1789,9 +1787,36 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: RelabelConfig represents a relabeling rule. + description: |- + RelabelConfig represents a relabeling rule. + Exactly one action-specific configuration must be specified based on the action type. properties: action: + allOf: + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1802,15 +1827,89 @@ spec: - LabelMap: Copies labels matching regex to new label names derived from replacement. - LabelDrop: Drops labels matching regex. - LabelKeep: Keeps only labels matching regex. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. type: string + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when action is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when action is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when action is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when action is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when action is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object name: description: |- name is a unique identifier for this relabel configuration. @@ -1833,16 +1932,31 @@ spec: maxLength: 1000 minLength: 1 type: string - replacement: + replace: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string + replace configures the Replace action. + Required when action is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object separator: description: |- separator is the character sequence used to join source label values. @@ -1856,44 +1970,62 @@ spec: sourceLabels: description: |- sourceLabels specifies which label names to extract from each series for this relabeling rule. - Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, - and the resulting string is then matched against the regular expression for - the replace, keep, or drop actions. + and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: maxLength: 128 minLength: 1 type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' maxItems: 10 minItems: 1 type: array x-kubernetes-list-type: set - targetLabel: + uppercase: description: |- - targetLabel is the target label name where the result is written. - Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - Must be between 1 and 128 characters in length when specified. - maxLength: 128 - minLength: 1 - type: string + uppercase configures the Uppercase action. + Required when action is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - action - name type: object x-kubernetes-validations: - - message: targetLabel is required when action is Replace, - HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, - and forbidden otherwise - rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', - ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) - && size(self.targetLabel) > 0) : !has(self.targetLabel)' - - message: replacement is only valid when action is Replace - or LabelMap - rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + - message: exactly one action-specific configuration must + be specified and must match the action type + rule: '(self.action == ''Replace'' ? has(self.replace) + : !has(self.replace)) && (self.action == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)) && (self.action + == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) + && (self.action == ''Uppercase'' ? has(self.uppercase) + : !has(self.uppercase)) && (self.action == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action + == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) + && (self.action == ''LabelMap'' ? has(self.labelMap) + : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 4c166e1b8bb..f355a4bbe88 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1307,10 +1307,9 @@ spec: - Route different types of alerts to different teams or systems - Integrate with existing enterprise alerting infrastructure - Maintain separate alert routing for compliance or organizational requirements - By default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - Each entry must have a unique name field, which serves as the map key for server-side apply. + Each entry must have a unique name field. items: description: |- AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. @@ -1325,7 +1324,7 @@ spec: bearerToken: description: |- bearerToken defines the secret reference containing the bearer token. - Required when type is "BearerToken", forbidden otherwise. + Required when type is "BearerToken". The secret must exist in the openshift-monitoring namespace. properties: key: @@ -1361,19 +1360,16 @@ spec: type: description: |- type specifies the authentication type to use. - Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - When set to None, no authentication credentials are sent. + Valid value is "BearerToken" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified. enum: - - None - BearerToken type: string required: - type type: object x-kubernetes-validations: - - message: bearerToken is required when type is BearerToken, - and forbidden otherwise + - message: bearerToken is required when type is BearerToken rule: 'has(self.type) && self.type == ''BearerToken'' ? has(self.bearerToken) : !has(self.bearerToken)' name: @@ -1448,7 +1444,8 @@ spec: timeoutSeconds: description: |- timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - When omitted, the default is 10 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1763,7 +1760,8 @@ spec: remoteTimeoutSeconds: description: |- remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - When omitted, the default is 30 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1789,9 +1787,36 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: RelabelConfig represents a relabeling rule. + description: |- + RelabelConfig represents a relabeling rule. + Exactly one action-specific configuration must be specified based on the action type. properties: action: + allOf: + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1802,15 +1827,89 @@ spec: - LabelMap: Copies labels matching regex to new label names derived from replacement. - LabelDrop: Drops labels matching regex. - LabelKeep: Keeps only labels matching regex. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. type: string + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when action is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when action is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when action is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when action is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when action is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object name: description: |- name is a unique identifier for this relabel configuration. @@ -1833,16 +1932,31 @@ spec: maxLength: 1000 minLength: 1 type: string - replacement: + replace: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string + replace configures the Replace action. + Required when action is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object separator: description: |- separator is the character sequence used to join source label values. @@ -1856,44 +1970,62 @@ spec: sourceLabels: description: |- sourceLabels specifies which label names to extract from each series for this relabeling rule. - Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, - and the resulting string is then matched against the regular expression for - the replace, keep, or drop actions. + and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: maxLength: 128 minLength: 1 type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' maxItems: 10 minItems: 1 type: array x-kubernetes-list-type: set - targetLabel: + uppercase: description: |- - targetLabel is the target label name where the result is written. - Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - Must be between 1 and 128 characters in length when specified. - maxLength: 128 - minLength: 1 - type: string + uppercase configures the Uppercase action. + Required when action is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - action - name type: object x-kubernetes-validations: - - message: targetLabel is required when action is Replace, - HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, - and forbidden otherwise - rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', - ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) - && size(self.targetLabel) > 0) : !has(self.targetLabel)' - - message: replacement is only valid when action is Replace - or LabelMap - rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + - message: exactly one action-specific configuration must + be specified and must match the action type + rule: '(self.action == ''Replace'' ? has(self.replace) + : !has(self.replace)) && (self.action == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)) && (self.action + == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) + && (self.action == ''Uppercase'' ? has(self.uppercase) + : !has(self.uppercase)) && (self.action == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action + == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) + && (self.action == ''LabelMap'' ? has(self.labelMap) + : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 99b6a734fc4..66122f41119 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1307,10 +1307,9 @@ spec: - Route different types of alerts to different teams or systems - Integrate with existing enterprise alerting infrastructure - Maintain separate alert routing for compliance or organizational requirements - By default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). - Each entry must have a unique name field, which serves as the map key for server-side apply. + Each entry must have a unique name field. items: description: |- AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. @@ -1325,7 +1324,7 @@ spec: bearerToken: description: |- bearerToken defines the secret reference containing the bearer token. - Required when type is "BearerToken", forbidden otherwise. + Required when type is "BearerToken". The secret must exist in the openshift-monitoring namespace. properties: key: @@ -1361,19 +1360,16 @@ spec: type: description: |- type specifies the authentication type to use. - Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). - When set to None, no authentication credentials are sent. + Valid value is "BearerToken" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified. enum: - - None - BearerToken type: string required: - type type: object x-kubernetes-validations: - - message: bearerToken is required when type is BearerToken, - and forbidden otherwise + - message: bearerToken is required when type is BearerToken rule: 'has(self.type) && self.type == ''BearerToken'' ? has(self.bearerToken) : !has(self.bearerToken)' name: @@ -1448,7 +1444,8 @@ spec: timeoutSeconds: description: |- timeoutSeconds defines the timeout in seconds for requests to Alertmanager. - When omitted, the default is 10 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1763,7 +1760,8 @@ spec: remoteTimeoutSeconds: description: |- remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - When omitted, the default is 30 seconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes). format: int32 @@ -1789,9 +1787,36 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: RelabelConfig represents a relabeling rule. + description: |- + RelabelConfig represents a relabeling rule. + Exactly one action-specific configuration must be specified based on the action type. properties: action: + allOf: + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + - enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1802,15 +1827,89 @@ spec: - LabelMap: Copies labels matching regex to new label names derived from replacement. - LabelDrop: Drops labels matching regex. - LabelKeep: Keeps only labels matching regex. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. type: string + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when action is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when action is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when action is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when action is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when action is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object name: description: |- name is a unique identifier for this relabel configuration. @@ -1833,16 +1932,31 @@ spec: maxLength: 1000 minLength: 1 type: string - replacement: + replace: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string + replace configures the Replace action. + Required when action is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object separator: description: |- separator is the character sequence used to join source label values. @@ -1856,44 +1970,62 @@ spec: sourceLabels: description: |- sourceLabels specifies which label names to extract from each series for this relabeling rule. - Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, - and the resulting string is then matched against the regular expression for - the replace, keep, or drop actions. + and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: maxLength: 128 minLength: 1 type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' maxItems: 10 minItems: 1 type: array x-kubernetes-list-type: set - targetLabel: + uppercase: description: |- - targetLabel is the target label name where the result is written. - Required for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,`KeepEqual` and `DropEqual` actions. - Must be between 1 and 128 characters in length when specified. - maxLength: 128 - minLength: 1 - type: string + uppercase configures the Uppercase action. + Required when action is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - action - name type: object x-kubernetes-validations: - - message: targetLabel is required when action is Replace, - HashMod, Lowercase, Uppercase, KeepEqual or DropEqual, - and forbidden otherwise - rule: 'self.action in [''Replace'', ''HashMod'', ''Lowercase'', - ''Uppercase'', ''KeepEqual'', ''DropEqual''] ? (has(self.targetLabel) - && size(self.targetLabel) > 0) : !has(self.targetLabel)' - - message: replacement is only valid when action is Replace - or LabelMap - rule: self.action in ['Replace', 'LabelMap'] || !has(self.replacement) + - message: exactly one action-specific configuration must + be specified and must match the action type + rule: '(self.action == ''Replace'' ? has(self.replace) + : !has(self.replace)) && (self.action == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)) && (self.action + == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) + && (self.action == ''Uppercase'' ? has(self.uppercase) + : !has(self.uppercase)) && (self.action == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action + == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) + && (self.action == ''LabelMap'' ? has(self.labelMap) + : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array From d778a634565fe7a8cf12ed5ec84f12ea8362c713 Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Tue, 27 Jan 2026 11:42:51 +0100 Subject: [PATCH 3/9] fix test Signed-off-by: Mario Fernandez --- .../ClusterMonitoringConfig.yaml | 34 ++++++++-------- config/v1alpha1/types_cluster_monitoring.go | 16 ++++---- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 40 ++++++------------- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 40 ++++++------------- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 40 ++++++------------- config/v1alpha1/zz_generated.deepcopy.go | 36 +++-------------- .../ClusterMonitoringConfig.yaml | 40 ++++++------------- .../zz_generated.swagger_doc_generated.go | 2 +- .../generated_openapi/zz_generated.openapi.go | 8 +++- openapi/openapi.json | 8 +++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 40 ++++++------------- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 40 ++++++------------- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 40 ++++++------------- 13 files changed, 135 insertions(+), 249 deletions(-) diff --git a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 508c7401e26..c6aa133165c 100644 --- a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -510,7 +510,7 @@ tests: mode: "Disabled" prometheusConfig: logLevel: Invalid - expectedError: 'spec.prometheusConfig.logLevel: Invalid value: "Invalid": spec.prometheusConfig.logLevel in body should be one of [Error Warn Info Debug]' + expectedError: 'spec.prometheusConfig.logLevel: Unsupported value: "Invalid": supported values: "Error", "Warn", "Info", "Debug"' - name: Should reject PrometheusConfig with invalid collectionProfile initial: | apiVersion: config.openshift.io/v1alpha1 @@ -520,7 +520,7 @@ tests: mode: "Disabled" prometheusConfig: collectionProfile: Invalid - expectedError: 'spec.prometheusConfig.collectionProfile: Invalid value: "Invalid": spec.prometheusConfig.collectionProfile in body should be one of [Full Minimal]' + expectedError: 'spec.prometheusConfig.collectionProfile: Unsupported value: "Invalid": supported values: "Full", "Minimal"' - name: Should reject PrometheusConfig with nodeSelector exceeding max properties initial: | apiVersion: config.openshift.io/v1alpha1 @@ -541,7 +541,7 @@ tests: key9: value9 key10: value10 key11: value11 - expectedError: 'spec.prometheusConfig.nodeSelector: Too many properties: 11: must not have more than 10 properties' + expectedError: 'spec.prometheusConfig.nodeSelector: Too many: 11: must have at most 10 items' - name: Should reject PrometheusConfig with queryLogFile not starting with / or containing / initial: | apiVersion: config.openshift.io/v1alpha1 @@ -551,7 +551,7 @@ tests: mode: "Disabled" prometheusConfig: queryLogFile: relative/path.log - expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "relative/path.log": must be an absolute path starting with "/" or a simple filename without "/"' + expectedError: "spec.prometheusConfig.queryLogFile: Invalid value: \"string\": must be an absolute path starting with '/' or a simple filename without '/'" - name: Should reject PrometheusConfig with queryLogFile ending with / initial: | apiVersion: config.openshift.io/v1alpha1 @@ -561,7 +561,7 @@ tests: mode: "Disabled" prometheusConfig: queryLogFile: /var/log/queries/ - expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/var/log/queries/": must not contain "//", end with "/", or contain ".."' + expectedError: "spec.prometheusConfig.queryLogFile: Invalid value: \"string\": must not contain '//', end with '/', or contain '..'" - name: Should reject PrometheusConfig with queryLogFile containing // initial: | apiVersion: config.openshift.io/v1alpha1 @@ -571,7 +571,7 @@ tests: mode: "Disabled" prometheusConfig: queryLogFile: /var//log/queries.log - expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/var//log/queries.log": must not contain "//", end with "/", or contain ".."' + expectedError: "spec.prometheusConfig.queryLogFile: Invalid value: \"string\": must not contain '//', end with '/', or contain '..'" - name: Should reject PrometheusConfig with queryLogFile containing .. initial: | apiVersion: config.openshift.io/v1alpha1 @@ -581,7 +581,7 @@ tests: mode: "Disabled" prometheusConfig: queryLogFile: /var/log/../queries.log - expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/var/log/../queries.log": must not contain "//", end with "/", or contain ".."' + expectedError: "spec.prometheusConfig.queryLogFile: Invalid value: \"string\": must not contain '//', end with '/', or contain '..'" - name: Should reject PrometheusConfig with queryLogFile containing invalid /dev/ path initial: | apiVersion: config.openshift.io/v1alpha1 @@ -591,7 +591,7 @@ tests: mode: "Disabled" prometheusConfig: queryLogFile: /dev/random - expectedError: 'spec.prometheusConfig.queryLogFile: Invalid value: "/dev/random": only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths' + expectedError: "spec.prometheusConfig.queryLogFile: Invalid value: \"string\": only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths" - name: Should accept PrometheusConfig with queryLogFile as /dev/stdout initial: | apiVersion: config.openshift.io/v1alpha1 @@ -800,7 +800,7 @@ tests: prometheusConfig: remoteWrite: - url: invalid-url - expectedError: 'spec.prometheusConfig.remoteWrite[0].url: Invalid value: "invalid-url": must be a valid URL with http or https scheme' + expectedError: "spec.prometheusConfig.remoteWrite[0].url: Invalid value: \"string\": must be a valid URL with http or https scheme" - name: Should reject PrometheusConfig with remoteWrite URL not http/https initial: | apiVersion: config.openshift.io/v1alpha1 @@ -811,7 +811,7 @@ tests: prometheusConfig: remoteWrite: - url: ftp://remote.example.com/write - expectedError: 'spec.prometheusConfig.remoteWrite[0].url: Invalid value: "ftp://remote.example.com/write": must be a valid URL with http or https scheme' + expectedError: "spec.prometheusConfig.remoteWrite[0].url: Invalid value: \"string\": must be a valid URL with http or https scheme" - name: Should reject PrometheusConfig with remoteWrite name invalid characters initial: | apiVersion: config.openshift.io/v1alpha1 @@ -823,7 +823,7 @@ tests: remoteWrite: - url: https://remote.example.com/write name: invalid@name - expectedError: 'spec.prometheusConfig.remoteWrite[0].name: Invalid value: "invalid@name": must contain only alphanumeric characters, hyphens, and underscores' + expectedError: "spec.prometheusConfig.remoteWrite[0].name: Invalid value: \"string\": must contain only alphanumeric characters, hyphens, and underscores" - name: Should reject PrometheusConfig with remoteWrite remoteTimeoutSeconds below minimum initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1109,7 +1109,6 @@ tests: action: Replace sourceLabels: - instance - targetLabel: instance replace: targetLabel: instance replacement: "$1" @@ -1127,7 +1126,6 @@ tests: action: Replace sourceLabels: - instance - targetLabel: instance replace: targetLabel: instance replacement: "$1" @@ -1456,7 +1454,7 @@ tests: writeRelabelConfigs: - name: invalid-action action: InvalidAction - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "InvalidAction": spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action in body should be one of [Replace Keep Drop HashMod LabelMap LabelDrop LabelKeep Lowercase Uppercase KeepEqual DropEqual]' + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Unsupported value: "InvalidAction": supported values: "Replace", "Keep", "Drop", "HashMod", "LabelMap", "LabelDrop", "LabelKeep", "Lowercase", "Uppercase", "KeepEqual", "DropEqual"' - name: Should reject PrometheusConfig with Replace action missing replace config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1611,7 +1609,7 @@ tests: writeRelabelConfigs: - name: "invalid@name" action: Keep - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Invalid value: "invalid@name": must contain only alphanumeric characters, hyphens, and underscores' + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Invalid value: "string": must contain only alphanumeric characters, hyphens, and underscores' - name: Should reject PrometheusConfig with RelabelConfig sourceLabels exceeding max items initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1653,7 +1651,7 @@ tests: action: Keep sourceLabels: - __meta_kubernetes_pod_name - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].sourceLabels[0]: Invalid value: "__meta_kubernetes_pod_name": label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed' + expectedError: "spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].sourceLabels[0]: Invalid value: \"string\": label names beginning with '__' (two underscores) are reserved for internal Prometheus use and are not allowed" - name: Should reject PrometheusConfig with RelabelConfig separator too long initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1667,7 +1665,7 @@ tests: writeRelabelConfigs: - name: relabel-config action: Keep - separator: ";;;;;" + separator: ";;;;;;" expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].separator: Too long: may not be more than 5 bytes' - name: Should reject PrometheusConfig with RelabelConfig regex exceeding max length initial: | @@ -1796,4 +1794,4 @@ tests: action: Keep - name: config11 action: Keep - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs: Too many: 11: must have at most 10 items' \ No newline at end of file + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs: Too many: 11: must have at most 10 items' diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 85bcf3982ab..d70fc2044ef 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -734,8 +734,7 @@ type AdditionalAlertmanagerConfig struct { // scheme defines the URL scheme to use when communicating with Alertmanager // instances. // Possible values are `HTTP` or `HTTPS`. - // When omitted, defaults to `HTTP`. - // +kubebuilder:default=HTTP + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // +optional Scheme AlertmanagerScheme `json:"scheme,omitempty"` // staticConfigs is a list of statically configured Alertmanager endpoints in the form @@ -892,48 +891,47 @@ type RelabelConfig struct { // - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. // +required // +unionDiscriminator - // +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep;Lowercase;Uppercase;KeepEqual;DropEqual Action RelabelAction `json:"action,omitempty"` // replace configures the Replace action. // Required when action is Replace. // +unionMember // +optional - Replace *ReplaceActionConfig `json:"replace,omitempty,omitzero"` + Replace ReplaceActionConfig `json:"replace,omitempty,omitzero"` // hashMod configures the HashMod action. // Required when action is HashMod. // +unionMember // +optional - HashMod *HashModActionConfig `json:"hashMod,omitempty,omitzero"` + HashMod HashModActionConfig `json:"hashMod,omitempty,omitzero"` // lowercase configures the Lowercase action. // Required when action is Lowercase. // Requires Prometheus >= v2.36.0. // +unionMember // +optional - Lowercase *LowercaseActionConfig `json:"lowercase,omitempty,omitzero"` + Lowercase LowercaseActionConfig `json:"lowercase,omitempty,omitzero"` // uppercase configures the Uppercase action. // Required when action is Uppercase. // Requires Prometheus >= v2.36.0. // +unionMember // +optional - Uppercase *UppercaseActionConfig `json:"uppercase,omitempty,omitzero"` + Uppercase UppercaseActionConfig `json:"uppercase,omitempty,omitzero"` // keepEqual configures the KeepEqual action. // Required when action is KeepEqual. // Requires Prometheus >= v2.41.0. // +unionMember // +optional - KeepEqual *KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"` + KeepEqual KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"` // dropEqual configures the DropEqual action. // Required when action is DropEqual. // Requires Prometheus >= v2.41.0. // +unionMember // +optional - DropEqual *DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` + DropEqual DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` // labelMap configures the LabelMap action. // Required when action is LabelMap. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index e52f1b881bc..decde74adce 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1408,12 +1408,11 @@ spec: - message: pathPrefix must not contain '?' or '#' rule: '!self.contains(''?'') && !self.contains(''#'')' scheme: - default: HTTP description: |- scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. - When omitted, defaults to `HTTP`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. enum: - HTTP - HTTPS @@ -1792,31 +1791,6 @@ spec: Exactly one action-specific configuration must be specified based on the action type. properties: action: - allOf: - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1831,6 +1805,18 @@ spec: - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string dropEqual: description: |- diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index f355a4bbe88..9385e7a32b9 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1408,12 +1408,11 @@ spec: - message: pathPrefix must not contain '?' or '#' rule: '!self.contains(''?'') && !self.contains(''#'')' scheme: - default: HTTP description: |- scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. - When omitted, defaults to `HTTP`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. enum: - HTTP - HTTPS @@ -1792,31 +1791,6 @@ spec: Exactly one action-specific configuration must be specified based on the action type. properties: action: - allOf: - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1831,6 +1805,18 @@ spec: - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string dropEqual: description: |- diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 66122f41119..83b091d0c95 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1408,12 +1408,11 @@ spec: - message: pathPrefix must not contain '?' or '#' rule: '!self.contains(''?'') && !self.contains(''#'')' scheme: - default: HTTP description: |- scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. - When omitted, defaults to `HTTP`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. enum: - HTTP - HTTPS @@ -1792,31 +1791,6 @@ spec: Exactly one action-specific configuration must be specified based on the action type. properties: action: - allOf: - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1831,6 +1805,18 @@ spec: - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string dropEqual: description: |- diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index 77c79227180..ed6d71026b7 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -1325,36 +1325,12 @@ func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.Replace != nil { - in, out := &in.Replace, &out.Replace - *out = new(ReplaceActionConfig) - (*in).DeepCopyInto(*out) - } - if in.HashMod != nil { - in, out := &in.HashMod, &out.HashMod - *out = new(HashModActionConfig) - **out = **in - } - if in.Lowercase != nil { - in, out := &in.Lowercase, &out.Lowercase - *out = new(LowercaseActionConfig) - **out = **in - } - if in.Uppercase != nil { - in, out := &in.Uppercase, &out.Uppercase - *out = new(UppercaseActionConfig) - **out = **in - } - if in.KeepEqual != nil { - in, out := &in.KeepEqual, &out.KeepEqual - *out = new(KeepEqualActionConfig) - **out = **in - } - if in.DropEqual != nil { - in, out := &in.DropEqual, &out.DropEqual - *out = new(DropEqualActionConfig) - **out = **in - } + in.Replace.DeepCopyInto(&out.Replace) + out.HashMod = in.HashMod + out.Lowercase = in.Lowercase + out.Uppercase = in.Uppercase + out.KeepEqual = in.KeepEqual + out.DropEqual = in.DropEqual if in.LabelMap != nil { in, out := &in.LabelMap, &out.LabelMap *out = new(LabelMapActionConfig) diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index ab6cf0bc3e6..d9f41d0f42e 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1408,12 +1408,11 @@ spec: - message: pathPrefix must not contain '?' or '#' rule: '!self.contains(''?'') && !self.contains(''#'')' scheme: - default: HTTP description: |- scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. - When omitted, defaults to `HTTP`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. enum: - HTTP - HTTPS @@ -1792,31 +1791,6 @@ spec: Exactly one action-specific configuration must be specified based on the action type. properties: action: - allOf: - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1831,6 +1805,18 @@ spec: - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string dropEqual: description: |- diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index d60044cbe7a..92efb8f2c71 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -123,7 +123,7 @@ var map_AdditionalAlertmanagerConfig = map[string]string{ "name": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", - "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 2ed11df7323..c31068f9eaa 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -22367,7 +22367,7 @@ func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref commo }, "scheme": { SchemaProps: spec.SchemaProps{ - Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", Type: []string{"string"}, Format: "", }, @@ -24716,36 +24716,42 @@ func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCall "replace": { SchemaProps: spec.SchemaProps{ Description: "replace configures the Replace action. Required when action is Replace.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.ReplaceActionConfig"), }, }, "hashMod": { SchemaProps: spec.SchemaProps{ Description: "hashMod configures the HashMod action. Required when action is HashMod.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.HashModActionConfig"), }, }, "lowercase": { SchemaProps: spec.SchemaProps{ Description: "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.LowercaseActionConfig"), }, }, "uppercase": { SchemaProps: spec.SchemaProps{ Description: "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"), }, }, "keepEqual": { SchemaProps: spec.SchemaProps{ Description: "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig"), }, }, "dropEqual": { SchemaProps: spec.SchemaProps{ Description: "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.DropEqualActionConfig"), }, }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 705ae4df169..09d5a6e2666 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -12183,7 +12183,7 @@ "type": "string" }, "scheme": { - "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "type": "string" }, "staticConfigs": { @@ -13361,14 +13361,17 @@ }, "dropEqual": { "description": "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DropEqualActionConfig" }, "hashMod": { "description": "hashMod configures the HashMod action. Required when action is HashMod.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.HashModActionConfig" }, "keepEqual": { "description": "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig" }, "labelMap": { @@ -13377,6 +13380,7 @@ }, "lowercase": { "description": "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LowercaseActionConfig" }, "name": { @@ -13389,6 +13393,7 @@ }, "replace": { "description": "replace configures the Replace action. Required when action is Replace.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" }, "separator": { @@ -13406,6 +13411,7 @@ }, "uppercase": { "description": "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UppercaseActionConfig" } }, diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index e52f1b881bc..decde74adce 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1408,12 +1408,11 @@ spec: - message: pathPrefix must not contain '?' or '#' rule: '!self.contains(''?'') && !self.contains(''#'')' scheme: - default: HTTP description: |- scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. - When omitted, defaults to `HTTP`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. enum: - HTTP - HTTPS @@ -1792,31 +1791,6 @@ spec: Exactly one action-specific configuration must be specified based on the action type. properties: action: - allOf: - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1831,6 +1805,18 @@ spec: - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string dropEqual: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index f355a4bbe88..9385e7a32b9 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1408,12 +1408,11 @@ spec: - message: pathPrefix must not contain '?' or '#' rule: '!self.contains(''?'') && !self.contains(''#'')' scheme: - default: HTTP description: |- scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. - When omitted, defaults to `HTTP`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. enum: - HTTP - HTTPS @@ -1792,31 +1791,6 @@ spec: Exactly one action-specific configuration must be specified based on the action type. properties: action: - allOf: - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1831,6 +1805,18 @@ spec: - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string dropEqual: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 66122f41119..83b091d0c95 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1408,12 +1408,11 @@ spec: - message: pathPrefix must not contain '?' or '#' rule: '!self.contains(''?'') && !self.contains(''#'')' scheme: - default: HTTP description: |- scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. - When omitted, defaults to `HTTP`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. enum: - HTTP - HTTPS @@ -1792,31 +1791,6 @@ spec: Exactly one action-specific configuration must be specified based on the action type. properties: action: - allOf: - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual description: |- action is the action to perform on the matched labels. Valid actions are: @@ -1831,6 +1805,18 @@ spec: - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string dropEqual: description: |- From 5229b85be2c09f9a5cd95c9031ca566e3be33e5d Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Tue, 27 Jan 2026 12:12:05 +0100 Subject: [PATCH 4/9] add leftovers remoteWriteSpec Signed-off-by: Mario Fernandez --- config/v1alpha1/types_cluster_monitoring.go | 267 ++++++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 656 +++++++++++++++++- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 656 +++++++++++++++++- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 656 +++++++++++++++++- config/v1alpha1/zz_generated.deepcopy.go | 172 +++++ .../ClusterMonitoringConfig.yaml | 656 +++++++++++++++++- .../zz_generated.swagger_doc_generated.go | 93 ++- .../generated_openapi/zz_generated.openapi.go | 387 ++++++++++- openapi/openapi.json | 226 +++++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 656 +++++++++++++++++- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 656 +++++++++++++++++- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 656 +++++++++++++++++- 12 files changed, 5655 insertions(+), 82 deletions(-) diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index d70fc2044ef..e6ce5e8c230 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -801,15 +801,6 @@ type RemoteWriteSpec struct { // +kubebuilder:validation:MaxLength=63 // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" Name string `json:"name,omitempty"` - // remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. - // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // Currently the default is 30 seconds. - // Minimum value is 1 second. - // Maximum value is 600 seconds (10 minutes). - // +kubebuilder:validation:Minimum=1 - // +kubebuilder:validation:Maximum=600 - // +optional - RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"` // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. // When omitted, no relabeling is performed and all metrics are sent as-is. // Minimum of 1 and maximum of 10 relabeling rules can be specified. @@ -820,6 +811,264 @@ type RemoteWriteSpec struct { // +listType=map // +listMapKey=name WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"` + // authorization defines the authorization settings for remote write storage. + // When omitted, no authorization is performed. + // +optional + Authorization *SafeAuthorization `json:"authorization,omitempty,omitzero"` + // basicAuth defines basic authentication settings for the remote write endpoint URL. + // When omitted, no basic authentication is performed. + // +optional + BasicAuth *BasicAuth `json:"basicAuth,omitempty,omitzero"` + // bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + // However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + // When omitted, no bearer token file is used. + // Must be a valid file path. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + BearerTokenFile string `json:"bearerTokenFile,omitempty"` + // headers specifies the custom HTTP headers to be sent along with each remote write request. + // Headers set by Prometheus cannot be overwritten. + // When omitted, no custom headers are sent. + // Maximum of 50 headers can be specified. + // Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + // +optional + // +kubebuilder:validation:MaxProperties=50 + Headers map[string]string `json:"headers,omitempty"` + // metadataConfig defines settings for sending series metadata to remote write storage. + // When omitted, no metadata is sent. + // +optional + MetadataConfig *MetadataConfig `json:"metadataConfig,omitempty,omitzero"` + // oauth2 defines OAuth2 authentication settings for the remote write endpoint. + // When omitted, no OAuth2 authentication is performed. + // +optional + OAuth2 *OAuth2 `json:"oauth2,omitempty,omitzero"` + // proxyUrl defines an optional proxy URL. + // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + // When omitted, no proxy is used. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +optional + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + ProxyURL string `json:"proxyUrl,omitempty"` + // queueConfig allows tuning configuration for remote write queue parameters. + // When omitted, default queue configuration is used. + // +optional + QueueConfig *QueueConfig `json:"queueConfig,omitempty,omitzero"` + // remoteTimeout defines the timeout value for requests to the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Must be a valid duration string (e.g., "30s", "1m", "5m"). + // Minimum value is 1 second. + // Maximum value is 10 minutes. + // +optional + // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + RemoteTimeout string `json:"remoteTimeout,omitempty"` + // sendExemplars enables sending exemplars via remote write. + // When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + // When omitted, exemplars are not sent. + // +optional + SendExemplars *bool `json:"sendExemplars,omitempty"` + // sigv4 defines AWS Signature Version 4 authentication settings. + // When omitted, no AWS SigV4 authentication is performed. + // +optional + Sigv4 *Sigv4 `json:"sigv4,omitempty,omitzero"` + // tlsConfig defines TLS authentication settings for the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig *TLSConfig `json:"tlsConfig,omitempty,omitzero"` +} + +// SafeAuthorization defines the authorization settings for remote write storage. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.credentials) : !has(self.credentials)",message="credentials is required when type is BearerToken" +// +union +type SafeAuthorization struct { + // type specifies the authorization type to use. + // Valid value is "BearerToken" (bearer token authentication). + // When set to BearerToken, the credentials field must be specified. + // +unionDiscriminator + // +required + Type AuthorizationType `json:"type,omitempty"` + // credentials defines the secret reference containing the authorization credentials. + // Required when type is "BearerToken". + // The secret must exist in the openshift-monitoring namespace. + // +unionMember + // +optional + Credentials SecretKeySelector `json:"credentials,omitempty,omitzero"` +} + +// BasicAuth defines basic authentication settings for the remote write endpoint URL. +type BasicAuth struct { + // username defines the secret reference containing the username for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Username SecretKeySelector `json:"username,omitempty"` + // password defines the secret reference containing the password for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Password SecretKeySelector `json:"password,omitempty"` +} + +// MetadataConfig defines settings for sending series metadata to remote write storage. +type MetadataConfig struct { + // send enables sending series metadata. + // When set to true, Prometheus sends metadata about time series to the remote write endpoint. + // When omitted or set to false, no metadata is sent. + // +optional + Send *bool `json:"send,omitempty"` + // sendInterval defines the interval at which metadata is sent. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Must be a valid duration string (e.g., "30s", "1m", "5m"). + // Minimum value is 1 second. + // Maximum value is 24 hours. + // +optional + // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + SendInterval string `json:"sendInterval,omitempty"` +} + +// OAuth2 defines OAuth2 authentication settings for the remote write endpoint. +type OAuth2 struct { + // clientId defines the secret reference containing the OAuth2 client ID. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientID SecretKeySelector `json:"clientId,omitempty"` + // clientSecret defines the secret reference containing the OAuth2 client secret. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientSecret SecretKeySelector `json:"clientSecret,omitempty"` + // tokenUrl is the URL to fetch the token from. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + TokenURL string `json:"tokenUrl,omitempty"` + // scopes is a list of OAuth2 scopes to request. + // When omitted, no scopes are requested. + // Maximum of 20 scopes can be specified. + // Each scope must be between 1 and 256 characters. + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + Scopes []string `json:"scopes,omitempty"` + // endpointParams defines additional parameters to append to the token URL. + // When omitted, no additional parameters are sent. + // Maximum of 20 parameters can be specified. + // Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + // +optional + // +kubebuilder:validation:MaxProperties=20 + EndpointParams map[string]string `json:"endpointParams,omitempty"` +} + +// QueueConfig allows tuning configuration for remote write queue parameters. +type QueueConfig struct { + // capacity is the number of samples to buffer per shard before we start dropping them. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 10000. + // Minimum value is 1. + // Maximum value is 1000000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1000000 + Capacity int32 `json:"capacity,omitempty"` + // maxShards is the maximum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 200. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MaxShards int32 `json:"maxShards,omitempty"` + // minShards is the minimum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MinShards int32 `json:"minShards,omitempty"` + // maxSamplesPerSend is the maximum number of samples per send. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1000. + // Minimum value is 1. + // Maximum value is 100000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=100000 + MaxSamplesPerSend int32 `json:"maxSamplesPerSend,omitempty"` + // batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Must be a valid duration string (e.g., "5s", "1m"). + // Minimum value is 1 second. + // Maximum value is 1 hour. + // +optional + // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + BatchSendDeadline string `json:"batchSendDeadline,omitempty"` + // minBackoff is the minimum retry delay. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Must be a valid duration string (e.g., "30ms", "1s"). + // Minimum value is 1 millisecond. + // Maximum value is 1 hour. + // +optional + // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + MinBackoff string `json:"minBackoff,omitempty"` + // maxBackoff is the maximum retry delay. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Must be a valid duration string (e.g., "5s", "1m"). + // Minimum value is 1 millisecond. + // Maximum value is 1 hour. + // +optional + // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + MaxBackoff string `json:"maxBackoff,omitempty"` + // retryOnRateLimit enables retries on HTTP 429 responses. + // When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + // When omitted or set to false, no retries are performed on rate limit responses. + // +optional + RetryOnRateLimit *bool `json:"retryOnRateLimit,omitempty"` +} + +// Sigv4 defines AWS Signature Version 4 authentication settings. +type Sigv4 struct { + // region is the AWS region. + // When omitted, the region is derived from the environment or instance metadata. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Region string `json:"region,omitempty"` + // accessKey defines the secret reference containing the AWS access key ID. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the access key is derived from the environment or instance metadata. + // +optional + AccessKey SecretKeySelector `json:"accessKey,omitempty,omitzero"` + // secretKey defines the secret reference containing the AWS secret access key. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the secret key is derived from the environment or instance metadata. + // +optional + SecretKey SecretKeySelector `json:"secretKey,omitempty,omitzero"` + // profile is the named AWS profile used to authenticate. + // When omitted, the default profile is used. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Profile string `json:"profile,omitempty"` + // roleArn is the AWS Role ARN, an alternative to using AWS API keys. + // When omitted, API keys are used for authentication. + // Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + // Must be between 1 and 512 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:XValidation:rule=`self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$')`,message="must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole)" + RoleArn string `json:"roleArn,omitempty"` } // RelabelConfig represents a relabeling rule. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index decde74adce..817100a36fd 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1743,6 +1743,182 @@ spec: description: RemoteWriteSpec represents configuration for remote write endpoints. properties: + authorization: + description: |- + authorization defines the authorization settings for remote write storage. + When omitted, no authorization is performed. + properties: + credentials: + description: |- + credentials defines the secret reference containing the authorization credentials. + Required when type is "BearerToken". + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authorization type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the credentials field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: credentials is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.credentials) : !has(self.credentials)' + basicAuth: + description: |- + basicAuth defines basic authentication settings for the remote write endpoint URL. + When omitted, no basic authentication is performed. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + When omitted, no bearer token file is used. + Must be a valid file path. + maxLength: 1024 + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. + Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + maxProperties: 50 + type: object + metadataConfig: + description: |- + metadataConfig defines settings for sending series metadata to remote write storage. + When omitted, no metadata is sent. + properties: + send: + description: |- + send enables sending series metadata. + When set to true, Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to false, no metadata is sent. + type: boolean + sendInterval: + description: |- + sendInterval defines the interval at which metadata is sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30s", "1m", "5m"). + Minimum value is 1 second. + Maximum value is 24 hours. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object name: description: |- name is an optional identifier for this remote write configuration. @@ -1756,17 +1932,481 @@ spec: - message: must contain only alphanumeric characters, hyphens, and underscores rule: self.matches('^[a-zA-Z0-9_-]+$') - remoteTimeoutSeconds: + oauth2: + description: |- + oauth2 defines OAuth2 authentication settings for the remote write endpoint. + When omitted, no OAuth2 authentication is performed. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. + Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + maxProperties: 20 + type: object + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + type: array + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: description: |- - remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + properties: + batchSendDeadline: + description: |- + batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 second. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoff: + description: |- + maxBackoff is the maximum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoff: + description: |- + minBackoff is the minimum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30ms", "1s"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit enables retries on HTTP 429 responses. + When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to false, no retries are performed on rate limit responses. + type: boolean + type: object + remoteTimeout: + description: |- + remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Currently the default is 30 seconds. + Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 600 seconds (10 minutes). - format: int32 - maximum: 600 - minimum: 1 - type: integer + Maximum value is 10 minutes. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + sendExemplars: + description: |- + sendExemplars enables sending exemplars via remote write. + When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted, exemplars are not sent. + type: boolean + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication settings. + When omitted, no AWS SigV4 authentication is performed. + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. + When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) url: description: |- url is the URL of the remote write endpoint. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 9385e7a32b9..56e78a7b5f5 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1743,6 +1743,182 @@ spec: description: RemoteWriteSpec represents configuration for remote write endpoints. properties: + authorization: + description: |- + authorization defines the authorization settings for remote write storage. + When omitted, no authorization is performed. + properties: + credentials: + description: |- + credentials defines the secret reference containing the authorization credentials. + Required when type is "BearerToken". + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authorization type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the credentials field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: credentials is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.credentials) : !has(self.credentials)' + basicAuth: + description: |- + basicAuth defines basic authentication settings for the remote write endpoint URL. + When omitted, no basic authentication is performed. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + When omitted, no bearer token file is used. + Must be a valid file path. + maxLength: 1024 + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. + Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + maxProperties: 50 + type: object + metadataConfig: + description: |- + metadataConfig defines settings for sending series metadata to remote write storage. + When omitted, no metadata is sent. + properties: + send: + description: |- + send enables sending series metadata. + When set to true, Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to false, no metadata is sent. + type: boolean + sendInterval: + description: |- + sendInterval defines the interval at which metadata is sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30s", "1m", "5m"). + Minimum value is 1 second. + Maximum value is 24 hours. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object name: description: |- name is an optional identifier for this remote write configuration. @@ -1756,17 +1932,481 @@ spec: - message: must contain only alphanumeric characters, hyphens, and underscores rule: self.matches('^[a-zA-Z0-9_-]+$') - remoteTimeoutSeconds: + oauth2: + description: |- + oauth2 defines OAuth2 authentication settings for the remote write endpoint. + When omitted, no OAuth2 authentication is performed. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. + Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + maxProperties: 20 + type: object + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + type: array + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: description: |- - remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + properties: + batchSendDeadline: + description: |- + batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 second. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoff: + description: |- + maxBackoff is the maximum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoff: + description: |- + minBackoff is the minimum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30ms", "1s"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit enables retries on HTTP 429 responses. + When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to false, no retries are performed on rate limit responses. + type: boolean + type: object + remoteTimeout: + description: |- + remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Currently the default is 30 seconds. + Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 600 seconds (10 minutes). - format: int32 - maximum: 600 - minimum: 1 - type: integer + Maximum value is 10 minutes. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + sendExemplars: + description: |- + sendExemplars enables sending exemplars via remote write. + When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted, exemplars are not sent. + type: boolean + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication settings. + When omitted, no AWS SigV4 authentication is performed. + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. + When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) url: description: |- url is the URL of the remote write endpoint. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 83b091d0c95..1a4ac2ecdbd 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1743,6 +1743,182 @@ spec: description: RemoteWriteSpec represents configuration for remote write endpoints. properties: + authorization: + description: |- + authorization defines the authorization settings for remote write storage. + When omitted, no authorization is performed. + properties: + credentials: + description: |- + credentials defines the secret reference containing the authorization credentials. + Required when type is "BearerToken". + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authorization type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the credentials field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: credentials is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.credentials) : !has(self.credentials)' + basicAuth: + description: |- + basicAuth defines basic authentication settings for the remote write endpoint URL. + When omitted, no basic authentication is performed. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + When omitted, no bearer token file is used. + Must be a valid file path. + maxLength: 1024 + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. + Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + maxProperties: 50 + type: object + metadataConfig: + description: |- + metadataConfig defines settings for sending series metadata to remote write storage. + When omitted, no metadata is sent. + properties: + send: + description: |- + send enables sending series metadata. + When set to true, Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to false, no metadata is sent. + type: boolean + sendInterval: + description: |- + sendInterval defines the interval at which metadata is sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30s", "1m", "5m"). + Minimum value is 1 second. + Maximum value is 24 hours. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object name: description: |- name is an optional identifier for this remote write configuration. @@ -1756,17 +1932,481 @@ spec: - message: must contain only alphanumeric characters, hyphens, and underscores rule: self.matches('^[a-zA-Z0-9_-]+$') - remoteTimeoutSeconds: + oauth2: + description: |- + oauth2 defines OAuth2 authentication settings for the remote write endpoint. + When omitted, no OAuth2 authentication is performed. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. + Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + maxProperties: 20 + type: object + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + type: array + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: description: |- - remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + properties: + batchSendDeadline: + description: |- + batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 second. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoff: + description: |- + maxBackoff is the maximum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoff: + description: |- + minBackoff is the minimum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30ms", "1s"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit enables retries on HTTP 429 responses. + When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to false, no retries are performed on rate limit responses. + type: boolean + type: object + remoteTimeout: + description: |- + remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Currently the default is 30 seconds. + Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 600 seconds (10 minutes). - format: int32 - maximum: 600 - minimum: 1 - type: integer + Maximum value is 10 minutes. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + sendExemplars: + description: |- + sendExemplars enables sending exemplars via remote write. + When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted, exemplars are not sent. + type: boolean + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication settings. + When omitted, no AWS SigV4 authentication is performed. + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. + When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) url: description: |- url is the URL of the remote write endpoint. diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index ed6d71026b7..debe91fc726 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -232,6 +232,24 @@ func (in *BackupStatus) DeepCopy() *BackupStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BasicAuth) DeepCopyInto(out *BasicAuth) { + *out = *in + out.Username = in.Username + out.Password = in.Password + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth. +func (in *BasicAuth) DeepCopy() *BasicAuth { + if in == nil { + return nil + } + out := new(BasicAuth) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { *out = *in @@ -1005,6 +1023,27 @@ func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetadataConfig) DeepCopyInto(out *MetadataConfig) { + *out = *in + if in.Send != nil { + in, out := &in.Send, &out.Send + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfig. +func (in *MetadataConfig) DeepCopy() *MetadataConfig { + if in == nil { + return nil + } + out := new(MetadataConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { *out = *in @@ -1050,6 +1089,36 @@ func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuth2) DeepCopyInto(out *OAuth2) { + *out = *in + out.ClientID = in.ClientID + out.ClientSecret = in.ClientSecret + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EndpointParams != nil { + in, out := &in.EndpointParams, &out.EndpointParams + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2. +func (in *OAuth2) DeepCopy() *OAuth2 { + if in == nil { + return nil + } + out := new(OAuth2) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { *out = *in @@ -1317,6 +1386,27 @@ func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueueConfig) DeepCopyInto(out *QueueConfig) { + *out = *in + if in.RetryOnRateLimit != nil { + in, out := &in.RetryOnRateLimit, &out.RetryOnRateLimit + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueueConfig. +func (in *QueueConfig) DeepCopy() *QueueConfig { + if in == nil { + return nil + } + out := new(QueueConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { *out = *in @@ -1359,6 +1449,53 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Authorization != nil { + in, out := &in.Authorization, &out.Authorization + *out = new(SafeAuthorization) + **out = **in + } + if in.BasicAuth != nil { + in, out := &in.BasicAuth, &out.BasicAuth + *out = new(BasicAuth) + **out = **in + } + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.MetadataConfig != nil { + in, out := &in.MetadataConfig, &out.MetadataConfig + *out = new(MetadataConfig) + (*in).DeepCopyInto(*out) + } + if in.OAuth2 != nil { + in, out := &in.OAuth2, &out.OAuth2 + *out = new(OAuth2) + (*in).DeepCopyInto(*out) + } + if in.QueueConfig != nil { + in, out := &in.QueueConfig, &out.QueueConfig + *out = new(QueueConfig) + (*in).DeepCopyInto(*out) + } + if in.SendExemplars != nil { + in, out := &in.SendExemplars, &out.SendExemplars + *out = new(bool) + **out = **in + } + if in.Sigv4 != nil { + in, out := &in.Sigv4, &out.Sigv4 + *out = new(Sigv4) + **out = **in + } + if in.TLSConfig != nil { + in, out := &in.TLSConfig, &out.TLSConfig + *out = new(TLSConfig) + **out = **in + } return } @@ -1467,6 +1604,23 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SafeAuthorization) DeepCopyInto(out *SafeAuthorization) { + *out = *in + out.Credentials = in.Credentials + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SafeAuthorization. +func (in *SafeAuthorization) DeepCopy() *SafeAuthorization { + if in == nil { + return nil + } + out := new(SafeAuthorization) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { *out = *in @@ -1483,6 +1637,24 @@ func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Sigv4) DeepCopyInto(out *Sigv4) { + *out = *in + out.AccessKey = in.AccessKey + out.SecretKey = in.SecretKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sigv4. +func (in *Sigv4) DeepCopy() *Sigv4 { + if in == nil { + return nil + } + out := new(Sigv4) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index d9f41d0f42e..d64b50de168 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1743,6 +1743,182 @@ spec: description: RemoteWriteSpec represents configuration for remote write endpoints. properties: + authorization: + description: |- + authorization defines the authorization settings for remote write storage. + When omitted, no authorization is performed. + properties: + credentials: + description: |- + credentials defines the secret reference containing the authorization credentials. + Required when type is "BearerToken". + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authorization type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the credentials field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: credentials is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.credentials) : !has(self.credentials)' + basicAuth: + description: |- + basicAuth defines basic authentication settings for the remote write endpoint URL. + When omitted, no basic authentication is performed. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + When omitted, no bearer token file is used. + Must be a valid file path. + maxLength: 1024 + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. + Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + maxProperties: 50 + type: object + metadataConfig: + description: |- + metadataConfig defines settings for sending series metadata to remote write storage. + When omitted, no metadata is sent. + properties: + send: + description: |- + send enables sending series metadata. + When set to true, Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to false, no metadata is sent. + type: boolean + sendInterval: + description: |- + sendInterval defines the interval at which metadata is sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30s", "1m", "5m"). + Minimum value is 1 second. + Maximum value is 24 hours. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object name: description: |- name is an optional identifier for this remote write configuration. @@ -1756,17 +1932,481 @@ spec: - message: must contain only alphanumeric characters, hyphens, and underscores rule: self.matches('^[a-zA-Z0-9_-]+$') - remoteTimeoutSeconds: + oauth2: + description: |- + oauth2 defines OAuth2 authentication settings for the remote write endpoint. + When omitted, no OAuth2 authentication is performed. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. + Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + maxProperties: 20 + type: object + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + type: array + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: description: |- - remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + properties: + batchSendDeadline: + description: |- + batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 second. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoff: + description: |- + maxBackoff is the maximum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoff: + description: |- + minBackoff is the minimum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30ms", "1s"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit enables retries on HTTP 429 responses. + When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to false, no retries are performed on rate limit responses. + type: boolean + type: object + remoteTimeout: + description: |- + remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Currently the default is 30 seconds. + Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 600 seconds (10 minutes). - format: int32 - maximum: 600 - minimum: 1 - type: integer + Maximum value is 10 minutes. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + sendExemplars: + description: |- + sendExemplars enables sending exemplars via remote write. + When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted, exemplars are not sent. + type: boolean + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication settings. + When omitted, no AWS SigV4 authentication is performed. + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. + When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) url: description: |- url is the URL of the remote write endpoint. diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 92efb8f2c71..206346fea90 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -177,6 +177,16 @@ func (AuthorizationConfig) SwaggerDoc() map[string]string { return map_AuthorizationConfig } +var map_BasicAuth = map[string]string{ + "": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "username": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "password": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", +} + +func (BasicAuth) SwaggerDoc() map[string]string { + return map_BasicAuth +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", @@ -285,6 +295,16 @@ func (LowercaseActionConfig) SwaggerDoc() map[string]string { return map_LowercaseActionConfig } +var map_MetadataConfig = map[string]string{ + "": "MetadataConfig defines settings for sending series metadata to remote write storage.", + "send": "send enables sending series metadata. When set to true, Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to false, no metadata is sent.", + "sendInterval": "sendInterval defines the interval at which metadata is sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 24 hours.", +} + +func (MetadataConfig) SwaggerDoc() map[string]string { + return map_MetadataConfig +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", @@ -299,6 +319,19 @@ func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } +var map_OAuth2 = map[string]string{ + "": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "clientId": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "clientSecret": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "tokenUrl": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "scopes": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "endpointParams": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters.", +} + +func (OAuth2) SwaggerDoc() map[string]string { + return map_OAuth2 +} + var map_PrometheusConfig = map[string]string{ "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field.", @@ -333,6 +366,22 @@ func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { return map_PrometheusOperatorConfig } +var map_QueueConfig = map[string]string{ + "": "QueueConfig allows tuning configuration for remote write queue parameters.", + "capacity": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "maxShards": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "minShards": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "maxSamplesPerSend": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "batchSendDeadline": "batchSendDeadline is the maximum time a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 second. Maximum value is 1 hour.", + "minBackoff": "minBackoff is the minimum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30ms\", \"1s\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", + "maxBackoff": "maxBackoff is the maximum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", + "retryOnRateLimit": "retryOnRateLimit enables retries on HTTP 429 responses. When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to false, no retries are performed on rate limit responses.", +} + +func (QueueConfig) SwaggerDoc() map[string]string { + return map_QueueConfig +} + var map_RelabelConfig = map[string]string{ "": "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", @@ -354,11 +403,22 @@ func (RelabelConfig) SwaggerDoc() map[string]string { } var map_RemoteWriteSpec = map[string]string{ - "": "RemoteWriteSpec represents configuration for remote write endpoints.", - "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", - "name": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", - "remoteTimeoutSeconds": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", - "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "name": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + "authorization": "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", + "basicAuth": "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", + "bearerTokenFile": "bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. When omitted, no bearer token file is used. Must be a valid file path.", + "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters.", + "metadataConfig": "metadataConfig defines settings for sending series metadata to remote write storage. When omitted, no metadata is sent.", + "oauth2": "oauth2 defines OAuth2 authentication settings for the remote write endpoint. When omitted, no OAuth2 authentication is performed.", + "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "remoteTimeout": "remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 10 minutes.", + "sendExemplars": "sendExemplars enables sending exemplars via remote write. When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted, exemplars are not sent.", + "sigv4": "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", + "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } func (RemoteWriteSpec) SwaggerDoc() map[string]string { @@ -385,6 +445,16 @@ func (Retention) SwaggerDoc() map[string]string { return map_Retention } +var map_SafeAuthorization = map[string]string{ + "": "SafeAuthorization defines the authorization settings for remote write storage.", + "type": "type specifies the authorization type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the credentials field must be specified.", + "credentials": "credentials defines the secret reference containing the authorization credentials. Required when type is \"BearerToken\". The secret must exist in the openshift-monitoring namespace.", +} + +func (SafeAuthorization) SwaggerDoc() map[string]string { + return map_SafeAuthorization +} + var map_SecretKeySelector = map[string]string{ "": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", "name": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", @@ -395,6 +465,19 @@ func (SecretKeySelector) SwaggerDoc() map[string]string { return map_SecretKeySelector } +var map_Sigv4 = map[string]string{ + "": "Sigv4 defines AWS Signature Version 4 authentication settings.", + "region": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "accessKey": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + "secretKey": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "profile": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "roleArn": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", +} + +func (Sigv4) SwaggerDoc() map[string]string { + return map_Sigv4 +} + var map_TLSConfig = map[string]string{ "": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", "ca": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index c31068f9eaa..0c09e8f5e2d 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -454,6 +454,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), "github.com/openshift/api/config/v1alpha1.BackupStatus": schema_openshift_api_config_v1alpha1_BackupStatus(ref), + "github.com/openshift/api/config/v1alpha1.BasicAuth": schema_openshift_api_config_v1alpha1_BasicAuth(ref), "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref), "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigList": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref), "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref), @@ -487,7 +488,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig": schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref), "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig": schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.MetadataConfig": schema_openshift_api_config_v1alpha1_MetadataConfig(ref), "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), + "github.com/openshift/api/config/v1alpha1.OAuth2": schema_openshift_api_config_v1alpha1_OAuth2(ref), "github.com/openshift/api/config/v1alpha1.PKICertificateSubject": schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref), "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig": schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref), @@ -498,6 +501,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust": schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref), "github.com/openshift/api/config/v1alpha1.PrometheusConfig": schema_openshift_api_config_v1alpha1_PrometheusConfig(ref), "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), + "github.com/openshift/api/config/v1alpha1.QueueConfig": schema_openshift_api_config_v1alpha1_QueueConfig(ref), "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig": schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref), @@ -505,7 +509,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), + "github.com/openshift/api/config/v1alpha1.SafeAuthorization": schema_openshift_api_config_v1alpha1_SafeAuthorization(ref), "github.com/openshift/api/config/v1alpha1.SecretKeySelector": schema_openshift_api_config_v1alpha1_SecretKeySelector(ref), + "github.com/openshift/api/config/v1alpha1.Sigv4": schema_openshift_api_config_v1alpha1_Sigv4(ref), "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), "github.com/openshift/api/config/v1alpha1.TLSConfig": schema_openshift_api_config_v1alpha1_TLSConfig(ref), "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig": schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref), @@ -22769,6 +22775,36 @@ func schema_openshift_api_config_v1alpha1_BackupStatus(ref common.ReferenceCallb } } +func schema_openshift_api_config_v1alpha1_BasicAuth(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "username": { + SchemaProps: spec.SchemaProps{ + Description: "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "password": { + SchemaProps: spec.SchemaProps{ + Description: "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + }, + Required: []string{"username", "password"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -23981,6 +24017,33 @@ func schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref common.Refer } } +func schema_openshift_api_config_v1alpha1_MetadataConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MetadataConfig defines settings for sending series metadata to remote write storage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "send": { + SchemaProps: spec.SchemaProps{ + Description: "send enables sending series metadata. When set to true, Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to false, no metadata is sent.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "sendInterval": { + SchemaProps: spec.SchemaProps{ + Description: "sendInterval defines the interval at which metadata is sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 24 hours.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24090,6 +24153,74 @@ func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_OAuth2(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "clientId": { + SchemaProps: spec.SchemaProps{ + Description: "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "clientSecret": { + SchemaProps: spec.SchemaProps{ + Description: "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "tokenUrl": { + SchemaProps: spec.SchemaProps{ + Description: "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "scopes": { + SchemaProps: spec.SchemaProps{ + Description: "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "endpointParams": { + SchemaProps: spec.SchemaProps{ + Description: "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"clientId", "clientSecret", "tokenUrl"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24658,6 +24789,75 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re } } +func schema_openshift_api_config_v1alpha1_QueueConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "QueueConfig allows tuning configuration for remote write queue parameters.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "capacity": { + SchemaProps: spec.SchemaProps{ + Description: "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxShards": { + SchemaProps: spec.SchemaProps{ + Description: "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "minShards": { + SchemaProps: spec.SchemaProps{ + Description: "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxSamplesPerSend": { + SchemaProps: spec.SchemaProps{ + Description: "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "batchSendDeadline": { + SchemaProps: spec.SchemaProps{ + Description: "batchSendDeadline is the maximum time a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 second. Maximum value is 1 hour.", + Type: []string{"string"}, + Format: "", + }, + }, + "minBackoff": { + SchemaProps: spec.SchemaProps{ + Description: "minBackoff is the minimum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30ms\", \"1s\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", + Type: []string{"string"}, + Format: "", + }, + }, + "maxBackoff": { + SchemaProps: spec.SchemaProps{ + Description: "maxBackoff is the maximum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", + Type: []string{"string"}, + Format: "", + }, + }, + "retryOnRateLimit": { + SchemaProps: spec.SchemaProps{ + Description: "retryOnRateLimit enables retries on HTTP 429 responses. When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to false, no retries are performed on rate limit responses.", + Type: []string{"boolean"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24813,13 +25013,6 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa Format: "", }, }, - "remoteTimeoutSeconds": { - SchemaProps: spec.SchemaProps{ - Description: "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", - Type: []string{"integer"}, - Format: "int32", - }, - }, "writeRelabelConfigs": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -24842,12 +25035,98 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa }, }, }, + "authorization": { + SchemaProps: spec.SchemaProps{ + Description: "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", + Ref: ref("github.com/openshift/api/config/v1alpha1.SafeAuthorization"), + }, + }, + "basicAuth": { + SchemaProps: spec.SchemaProps{ + Description: "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", + Ref: ref("github.com/openshift/api/config/v1alpha1.BasicAuth"), + }, + }, + "bearerTokenFile": { + SchemaProps: spec.SchemaProps{ + Description: "bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. When omitted, no bearer token file is used. Must be a valid file path.", + Type: []string{"string"}, + Format: "", + }, + }, + "headers": { + SchemaProps: spec.SchemaProps{ + Description: "headers specifies the custom HTTP headers to be sent along with each remote write request. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "metadataConfig": { + SchemaProps: spec.SchemaProps{ + Description: "metadataConfig defines settings for sending series metadata to remote write storage. When omitted, no metadata is sent.", + Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfig"), + }, + }, + "oauth2": { + SchemaProps: spec.SchemaProps{ + Description: "oauth2 defines OAuth2 authentication settings for the remote write endpoint. When omitted, no OAuth2 authentication is performed.", + Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2"), + }, + }, + "proxyUrl": { + SchemaProps: spec.SchemaProps{ + Description: "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "queueConfig": { + SchemaProps: spec.SchemaProps{ + Description: "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + Ref: ref("github.com/openshift/api/config/v1alpha1.QueueConfig"), + }, + }, + "remoteTimeout": { + SchemaProps: spec.SchemaProps{ + Description: "remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 10 minutes.", + Type: []string{"string"}, + Format: "", + }, + }, + "sendExemplars": { + SchemaProps: spec.SchemaProps{ + Description: "sendExemplars enables sending exemplars via remote write. When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted, exemplars are not sent.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "sigv4": { + SchemaProps: spec.SchemaProps{ + Description: "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", + Ref: ref("github.com/openshift/api/config/v1alpha1.Sigv4"), + }, + }, + "tlsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), + }, + }, }, Required: []string{"url"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.RelabelConfig"}, + "github.com/openshift/api/config/v1alpha1.BasicAuth", "github.com/openshift/api/config/v1alpha1.MetadataConfig", "github.com/openshift/api/config/v1alpha1.OAuth2", "github.com/openshift/api/config/v1alpha1.QueueConfig", "github.com/openshift/api/config/v1alpha1.RelabelConfig", "github.com/openshift/api/config/v1alpha1.SafeAuthorization", "github.com/openshift/api/config/v1alpha1.Sigv4", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, } } @@ -25000,6 +25279,48 @@ func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_SafeAuthorization(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SafeAuthorization defines the authorization settings for remote write storage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the authorization type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the credentials field must be specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "credentials": { + SchemaProps: spec.SchemaProps{ + Description: "credentials defines the secret reference containing the authorization credentials. Required when type is \"BearerToken\". The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "credentials": "Credentials", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_SecretKeySelector(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -25033,6 +25354,56 @@ func schema_openshift_api_config_v1alpha1_SecretKeySelector(ref common.Reference } } +func schema_openshift_api_config_v1alpha1_Sigv4(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Sigv4 defines AWS Signature Version 4 authentication settings.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "region": { + SchemaProps: spec.SchemaProps{ + Description: "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "accessKey": { + SchemaProps: spec.SchemaProps{ + Description: "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "secretKey": { + SchemaProps: spec.SchemaProps{ + Description: "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "roleArn": { + SchemaProps: spec.SchemaProps{ + Description: "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 09d5a6e2666..ff1d6d6e31c 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -12407,6 +12407,26 @@ "com.github.openshift.api.config.v1alpha1.BackupStatus": { "type": "object" }, + "com.github.openshift.api.config.v1alpha1.BasicAuth": { + "description": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "type": "object", + "required": [ + "username", + "password" + ], + "properties": { + "password": { + "description": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "username": { + "description": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + } + } + }, "com.github.openshift.api.config.v1alpha1.ClusterImagePolicy": { "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -13015,6 +13035,20 @@ } } }, + "com.github.openshift.api.config.v1alpha1.MetadataConfig": { + "description": "MetadataConfig defines settings for sending series metadata to remote write storage.", + "type": "object", + "properties": { + "send": { + "description": "send enables sending series metadata. When set to true, Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to false, no metadata is sent.", + "type": "boolean" + }, + "sendInterval": { + "description": "sendInterval defines the interval at which metadata is sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 24 hours.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "type": "object", @@ -13072,6 +13106,47 @@ } } }, + "com.github.openshift.api.config.v1alpha1.OAuth2": { + "description": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "type": "object", + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "properties": { + "clientId": { + "description": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "clientSecret": { + "description": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "endpointParams": { + "description": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "scopes": { + "description": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "tokenUrl": { + "description": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.PKICertificateSubject": { "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", "type": "object", @@ -13347,6 +13422,48 @@ } } }, + "com.github.openshift.api.config.v1alpha1.QueueConfig": { + "description": "QueueConfig allows tuning configuration for remote write queue parameters.", + "type": "object", + "properties": { + "batchSendDeadline": { + "description": "batchSendDeadline is the maximum time a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 second. Maximum value is 1 hour.", + "type": "string" + }, + "capacity": { + "description": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "type": "integer", + "format": "int32" + }, + "maxBackoff": { + "description": "maxBackoff is the maximum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", + "type": "string" + }, + "maxSamplesPerSend": { + "description": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "type": "integer", + "format": "int32" + }, + "maxShards": { + "description": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "type": "integer", + "format": "int32" + }, + "minBackoff": { + "description": "minBackoff is the minimum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30ms\", \"1s\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", + "type": "string" + }, + "minShards": { + "description": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "type": "integer", + "format": "int32" + }, + "retryOnRateLimit": { + "description": "retryOnRateLimit enables retries on HTTP 429 responses. When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to false, no retries are performed on rate limit responses.", + "type": "boolean" + } + } + }, "com.github.openshift.api.config.v1alpha1.RelabelConfig": { "description": "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", "type": "object", @@ -13441,14 +13558,61 @@ "url" ], "properties": { + "authorization": { + "description": "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SafeAuthorization" + }, + "basicAuth": { + "description": "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BasicAuth" + }, + "bearerTokenFile": { + "description": "bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. When omitted, no bearer token file is used. Must be a valid file path.", + "type": "string" + }, + "headers": { + "description": "headers specifies the custom HTTP headers to be sent along with each remote write request. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "metadataConfig": { + "description": "metadataConfig defines settings for sending series metadata to remote write storage. When omitted, no metadata is sent.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfig" + }, "name": { "description": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", "type": "string" }, - "remoteTimeoutSeconds": { - "description": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", - "type": "integer", - "format": "int32" + "oauth2": { + "description": "oauth2 defines OAuth2 authentication settings for the remote write endpoint. When omitted, no OAuth2 authentication is performed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2" + }, + "proxyUrl": { + "description": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "type": "string" + }, + "queueConfig": { + "description": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.QueueConfig" + }, + "remoteTimeout": { + "description": "remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 10 minutes.", + "type": "string" + }, + "sendExemplars": { + "description": "sendExemplars enables sending exemplars via remote write. When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted, exemplars are not sent.", + "type": "boolean" + }, + "sigv4": { + "description": "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Sigv4" + }, + "tlsConfig": { + "description": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" }, "url": { "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", @@ -13566,6 +13730,32 @@ } } }, + "com.github.openshift.api.config.v1alpha1.SafeAuthorization": { + "description": "SafeAuthorization defines the authorization settings for remote write storage.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "credentials": { + "description": "credentials defines the secret reference containing the authorization credentials. Required when type is \"BearerToken\". The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "type": { + "description": "type specifies the authorization type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the credentials field must be specified.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "credentials": "Credentials" + } + } + ] + }, "com.github.openshift.api.config.v1alpha1.SecretKeySelector": { "description": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", "type": "object", @@ -13585,6 +13775,34 @@ }, "x-kubernetes-map-type": "atomic" }, + "com.github.openshift.api.config.v1alpha1.Sigv4": { + "description": "Sigv4 defines AWS Signature Version 4 authentication settings.", + "type": "object", + "properties": { + "accessKey": { + "description": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "profile": { + "description": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "type": "string" + }, + "region": { + "description": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "type": "string" + }, + "roleArn": { + "description": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", + "type": "string" + }, + "secretKey": { + "description": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + } + } + }, "com.github.openshift.api.config.v1alpha1.Storage": { "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index decde74adce..817100a36fd 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1743,6 +1743,182 @@ spec: description: RemoteWriteSpec represents configuration for remote write endpoints. properties: + authorization: + description: |- + authorization defines the authorization settings for remote write storage. + When omitted, no authorization is performed. + properties: + credentials: + description: |- + credentials defines the secret reference containing the authorization credentials. + Required when type is "BearerToken". + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authorization type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the credentials field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: credentials is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.credentials) : !has(self.credentials)' + basicAuth: + description: |- + basicAuth defines basic authentication settings for the remote write endpoint URL. + When omitted, no basic authentication is performed. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + When omitted, no bearer token file is used. + Must be a valid file path. + maxLength: 1024 + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. + Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + maxProperties: 50 + type: object + metadataConfig: + description: |- + metadataConfig defines settings for sending series metadata to remote write storage. + When omitted, no metadata is sent. + properties: + send: + description: |- + send enables sending series metadata. + When set to true, Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to false, no metadata is sent. + type: boolean + sendInterval: + description: |- + sendInterval defines the interval at which metadata is sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30s", "1m", "5m"). + Minimum value is 1 second. + Maximum value is 24 hours. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object name: description: |- name is an optional identifier for this remote write configuration. @@ -1756,17 +1932,481 @@ spec: - message: must contain only alphanumeric characters, hyphens, and underscores rule: self.matches('^[a-zA-Z0-9_-]+$') - remoteTimeoutSeconds: + oauth2: + description: |- + oauth2 defines OAuth2 authentication settings for the remote write endpoint. + When omitted, no OAuth2 authentication is performed. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. + Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + maxProperties: 20 + type: object + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + type: array + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: description: |- - remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + properties: + batchSendDeadline: + description: |- + batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 second. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoff: + description: |- + maxBackoff is the maximum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoff: + description: |- + minBackoff is the minimum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30ms", "1s"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit enables retries on HTTP 429 responses. + When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to false, no retries are performed on rate limit responses. + type: boolean + type: object + remoteTimeout: + description: |- + remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Currently the default is 30 seconds. + Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 600 seconds (10 minutes). - format: int32 - maximum: 600 - minimum: 1 - type: integer + Maximum value is 10 minutes. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + sendExemplars: + description: |- + sendExemplars enables sending exemplars via remote write. + When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted, exemplars are not sent. + type: boolean + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication settings. + When omitted, no AWS SigV4 authentication is performed. + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. + When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) url: description: |- url is the URL of the remote write endpoint. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 9385e7a32b9..56e78a7b5f5 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1743,6 +1743,182 @@ spec: description: RemoteWriteSpec represents configuration for remote write endpoints. properties: + authorization: + description: |- + authorization defines the authorization settings for remote write storage. + When omitted, no authorization is performed. + properties: + credentials: + description: |- + credentials defines the secret reference containing the authorization credentials. + Required when type is "BearerToken". + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authorization type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the credentials field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: credentials is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.credentials) : !has(self.credentials)' + basicAuth: + description: |- + basicAuth defines basic authentication settings for the remote write endpoint URL. + When omitted, no basic authentication is performed. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + When omitted, no bearer token file is used. + Must be a valid file path. + maxLength: 1024 + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. + Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + maxProperties: 50 + type: object + metadataConfig: + description: |- + metadataConfig defines settings for sending series metadata to remote write storage. + When omitted, no metadata is sent. + properties: + send: + description: |- + send enables sending series metadata. + When set to true, Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to false, no metadata is sent. + type: boolean + sendInterval: + description: |- + sendInterval defines the interval at which metadata is sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30s", "1m", "5m"). + Minimum value is 1 second. + Maximum value is 24 hours. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object name: description: |- name is an optional identifier for this remote write configuration. @@ -1756,17 +1932,481 @@ spec: - message: must contain only alphanumeric characters, hyphens, and underscores rule: self.matches('^[a-zA-Z0-9_-]+$') - remoteTimeoutSeconds: + oauth2: + description: |- + oauth2 defines OAuth2 authentication settings for the remote write endpoint. + When omitted, no OAuth2 authentication is performed. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. + Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + maxProperties: 20 + type: object + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + type: array + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: description: |- - remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + properties: + batchSendDeadline: + description: |- + batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 second. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoff: + description: |- + maxBackoff is the maximum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoff: + description: |- + minBackoff is the minimum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30ms", "1s"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit enables retries on HTTP 429 responses. + When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to false, no retries are performed on rate limit responses. + type: boolean + type: object + remoteTimeout: + description: |- + remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Currently the default is 30 seconds. + Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 600 seconds (10 minutes). - format: int32 - maximum: 600 - minimum: 1 - type: integer + Maximum value is 10 minutes. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + sendExemplars: + description: |- + sendExemplars enables sending exemplars via remote write. + When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted, exemplars are not sent. + type: boolean + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication settings. + When omitted, no AWS SigV4 authentication is performed. + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. + When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) url: description: |- url is the URL of the remote write endpoint. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 83b091d0c95..1a4ac2ecdbd 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1743,6 +1743,182 @@ spec: description: RemoteWriteSpec represents configuration for remote write endpoints. properties: + authorization: + description: |- + authorization defines the authorization settings for remote write storage. + When omitted, no authorization is performed. + properties: + credentials: + description: |- + credentials defines the secret reference containing the authorization credentials. + Required when type is "BearerToken". + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authorization type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the credentials field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: credentials is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.credentials) : !has(self.credentials)' + basicAuth: + description: |- + basicAuth defines basic authentication settings for the remote write endpoint URL. + When omitted, no basic authentication is performed. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerTokenFile: + description: |- + bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. + However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. + When omitted, no bearer token file is used. + Must be a valid file path. + maxLength: 1024 + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. + Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. + maxProperties: 50 + type: object + metadataConfig: + description: |- + metadataConfig defines settings for sending series metadata to remote write storage. + When omitted, no metadata is sent. + properties: + send: + description: |- + send enables sending series metadata. + When set to true, Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to false, no metadata is sent. + type: boolean + sendInterval: + description: |- + sendInterval defines the interval at which metadata is sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30s", "1m", "5m"). + Minimum value is 1 second. + Maximum value is 24 hours. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object name: description: |- name is an optional identifier for this remote write configuration. @@ -1756,17 +1932,481 @@ spec: - message: must contain only alphanumeric characters, hyphens, and underscores rule: self.matches('^[a-zA-Z0-9_-]+$') - remoteTimeoutSeconds: + oauth2: + description: |- + oauth2 defines OAuth2 authentication settings for the remote write endpoint. + When omitted, no OAuth2 authentication is performed. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. + Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. + maxProperties: 20 + type: object + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + type: array + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: description: |- - remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + properties: + batchSendDeadline: + description: |- + batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 second. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoff: + description: |- + maxBackoff is the maximum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "5s", "1m"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoff: + description: |- + minBackoff is the minimum retry delay. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Must be a valid duration string (e.g., "30ms", "1s"). + Minimum value is 1 millisecond. + Maximum value is 1 hour. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + retryOnRateLimit: + description: |- + retryOnRateLimit enables retries on HTTP 429 responses. + When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to false, no retries are performed on rate limit responses. + type: boolean + type: object + remoteTimeout: + description: |- + remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Currently the default is 30 seconds. + Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 600 seconds (10 minutes). - format: int32 - maximum: 600 - minimum: 1 - type: integer + Maximum value is 10 minutes. + pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + sendExemplars: + description: |- + sendExemplars enables sending exemplars via remote write. + When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted, exemplars are not sent. + type: boolean + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication settings. + When omitted, no AWS SigV4 authentication is performed. + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. + When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) url: description: |- url is the URL of the remote write endpoint. From 81811fd4719fcf7024e034547c5fd537668ed0de Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Tue, 27 Jan 2026 15:59:43 +0100 Subject: [PATCH 5/9] change action structure Signed-off-by: Mario Fernandez --- .../ClusterMonitoringConfig.yaml | 295 +++++++++------- config/v1alpha1/types_cluster_monitoring.go | 42 ++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 330 ++++++++++-------- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 330 ++++++++++-------- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 330 ++++++++++-------- config/v1alpha1/zz_generated.deepcopy.go | 29 +- .../ClusterMonitoringConfig.yaml | 330 ++++++++++-------- .../zz_generated.swagger_doc_generated.go | 31 +- .../generated_openapi/zz_generated.openapi.go | 152 ++++---- openapi/openapi.json | 90 ++--- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 330 ++++++++++-------- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 330 ++++++++++-------- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 330 ++++++++++-------- 13 files changed, 1609 insertions(+), 1340 deletions(-) diff --git a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index c6aa133165c..cd45d1800bc 100644 --- a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -413,7 +413,6 @@ tests: remoteWrite: - url: https://remote-write.example.com/api/v1/write name: remote-write-1 - remoteTimeoutSeconds: 30 additionalAlertmanagerConfigs: - name: external-alertmanager staticConfigs: @@ -469,7 +468,6 @@ tests: remoteWrite: - url: https://remote-write.example.com/api/v1/write name: remote-write-1 - remoteTimeoutSeconds: 30 additionalAlertmanagerConfigs: - name: external-alertmanager staticConfigs: @@ -824,30 +822,6 @@ tests: - url: https://remote.example.com/write name: invalid@name expectedError: "spec.prometheusConfig.remoteWrite[0].name: Invalid value: \"string\": must contain only alphanumeric characters, hyphens, and underscores" - - name: Should reject PrometheusConfig with remoteWrite remoteTimeoutSeconds below minimum - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterMonitoring - spec: - userDefined: - mode: "Disabled" - prometheusConfig: - remoteWrite: - - url: https://remote.example.com/write - remoteTimeoutSeconds: 0 - expectedError: 'spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds: Invalid value: 0: spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds in body should be greater than or equal to 1' - - name: Should reject PrometheusConfig with remoteWrite remoteTimeoutSeconds above maximum - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterMonitoring - spec: - userDefined: - mode: "Disabled" - prometheusConfig: - remoteWrite: - - url: https://remote.example.com/write - remoteTimeoutSeconds: 601 - expectedError: 'spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds: Invalid value: 601: spec.prometheusConfig.remoteWrite[0].remoteTimeoutSeconds in body should be less than or equal to 600' - name: Should reject PrometheusConfig with additionalAlertmanagerConfigs exceeding max items initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1106,12 +1080,13 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: replace-action - action: Replace sourceLabels: - instance - replace: - targetLabel: instance - replacement: "$1" + action: + type: Replace + replace: + targetLabel: instance + replacement: "$1" expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1123,12 +1098,13 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: replace-action - action: Replace sourceLabels: - instance - replace: - targetLabel: instance - replacement: "$1" + action: + type: Replace + replace: + targetLabel: instance + replacement: "$1" - name: Should accept PrometheusConfig with RelabelConfig Keep action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1141,10 +1117,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: keep-action - action: Keep sourceLabels: - job regex: ".*" + action: + type: Keep expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1156,10 +1133,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: keep-action - action: Keep sourceLabels: - job regex: ".*" + action: + type: Keep - name: Should accept PrometheusConfig with RelabelConfig Drop action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1172,10 +1150,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: drop-action - action: Drop sourceLabels: - job regex: ".*" + action: + type: Drop expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1187,10 +1166,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: drop-action - action: Drop sourceLabels: - job regex: ".*" + action: + type: Drop - name: Should accept PrometheusConfig with RelabelConfig HashMod action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1203,11 +1183,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: hashmod-action - action: HashMod sourceLabels: - instance - hashMod: - targetLabel: shard + action: + type: HashMod + hashMod: + targetLabel: shard expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1219,11 +1200,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: hashmod-action - action: HashMod sourceLabels: - instance - hashMod: - targetLabel: shard + action: + type: HashMod + hashMod: + targetLabel: shard - name: Should accept PrometheusConfig with RelabelConfig LabelMap action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1236,10 +1218,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: labelmap-action - action: LabelMap regex: "k8s_(.*)" - labelMap: - replacement: "$1" + action: + type: LabelMap + labelMap: + replacement: "$1" expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1251,10 +1234,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: labelmap-action - action: LabelMap regex: "k8s_(.*)" - labelMap: - replacement: "$1" + action: + type: LabelMap + labelMap: + replacement: "$1" - name: Should accept PrometheusConfig with RelabelConfig LabelDrop action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1267,8 +1251,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: labeldrop-action - action: LabelDrop regex: ".*" + action: + type: LabelDrop expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1280,8 +1265,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: labeldrop-action - action: LabelDrop regex: ".*" + action: + type: LabelDrop - name: Should accept PrometheusConfig with RelabelConfig LabelKeep action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1294,8 +1280,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: labelkeep-action - action: LabelKeep regex: ".*" + action: + type: LabelKeep expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1307,8 +1294,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: labelkeep-action - action: LabelKeep regex: ".*" + action: + type: LabelKeep - name: Should accept PrometheusConfig with RelabelConfig Lowercase action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1321,11 +1309,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: lowercase-action - action: Lowercase sourceLabels: - instance - lowercase: - targetLabel: instance_lower + action: + type: Lowercase + lowercase: + targetLabel: instance_lower expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1337,11 +1326,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: lowercase-action - action: Lowercase sourceLabels: - instance - lowercase: - targetLabel: instance_lower + action: + type: Lowercase + lowercase: + targetLabel: instance_lower - name: Should accept PrometheusConfig with RelabelConfig Uppercase action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1354,11 +1344,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: uppercase-action - action: Uppercase sourceLabels: - instance - uppercase: - targetLabel: instance_upper + action: + type: Uppercase + uppercase: + targetLabel: instance_upper expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1370,11 +1361,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: uppercase-action - action: Uppercase sourceLabels: - instance - uppercase: - targetLabel: instance_upper + action: + type: Uppercase + uppercase: + targetLabel: instance_upper - name: Should accept PrometheusConfig with RelabelConfig KeepEqual action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1387,11 +1379,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: keepequal-action - action: KeepEqual sourceLabels: - instance - keepEqual: - targetLabel: instance + action: + type: KeepEqual + keepEqual: + targetLabel: instance expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1403,11 +1396,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: keepequal-action - action: KeepEqual sourceLabels: - instance - keepEqual: - targetLabel: instance + action: + type: KeepEqual + keepEqual: + targetLabel: instance - name: Should accept PrometheusConfig with RelabelConfig DropEqual action initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1420,11 +1414,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: dropequal-action - action: DropEqual sourceLabels: - instance - dropEqual: - targetLabel: instance + action: + type: DropEqual + dropEqual: + targetLabel: instance expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -1436,11 +1431,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: dropequal-action - action: DropEqual sourceLabels: - instance - dropEqual: - targetLabel: instance + action: + type: DropEqual + dropEqual: + targetLabel: instance - name: Should reject PrometheusConfig with invalid RelabelAction initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1453,8 +1449,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: invalid-action - action: InvalidAction - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Unsupported value: "InvalidAction": supported values: "Replace", "Keep", "Drop", "HashMod", "LabelMap", "LabelDrop", "LabelKeep", "Lowercase", "Uppercase", "KeepEqual", "DropEqual"' + action: + type: InvalidAction + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action.type: Unsupported value: "InvalidAction": supported values: "Replace", "Keep", "Drop", "HashMod", "LabelMap", "LabelDrop", "LabelKeep", "Lowercase", "Uppercase", "KeepEqual", "DropEqual"' - name: Should reject PrometheusConfig with Replace action missing replace config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1467,8 +1464,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: replace-action - action: Replace - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: Replace + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": replace is required when type is Replace, and forbidden otherwise' - name: Should reject PrometheusConfig with Replace action having wrong config type initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1481,10 +1479,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: replace-action - action: Replace - hashMod: - targetLabel: shard - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: Replace + hashMod: + targetLabel: shard + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": hashMod is required when type is HashMod, and forbidden otherwise' - name: Should reject PrometheusConfig with HashMod action missing hashMod config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1497,8 +1496,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: hashmod-action - action: HashMod - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: HashMod + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": hashMod is required when type is HashMod, and forbidden otherwise' - name: Should reject PrometheusConfig with Lowercase action missing lowercase config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1511,8 +1511,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: lowercase-action - action: Lowercase - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: Lowercase + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": lowercase is required when type is Lowercase, and forbidden otherwise' - name: Should reject PrometheusConfig with Uppercase action missing uppercase config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1525,8 +1526,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: uppercase-action - action: Uppercase - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: Uppercase + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": uppercase is required when type is Uppercase, and forbidden otherwise' - name: Should reject PrometheusConfig with KeepEqual action missing keepEqual config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1539,8 +1541,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: keepequal-action - action: KeepEqual - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: KeepEqual + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": keepEqual is required when type is KeepEqual, and forbidden otherwise' - name: Should reject PrometheusConfig with DropEqual action missing dropEqual config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1553,8 +1556,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: dropequal-action - action: DropEqual - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: DropEqual + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": dropEqual is required when type is DropEqual, and forbidden otherwise' - name: Should reject PrometheusConfig with LabelMap action missing labelMap config initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1567,8 +1571,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: labelmap-action - action: LabelMap - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0]: Invalid value: "object": exactly one action-specific configuration must be specified and must match the action type' + action: + type: LabelMap + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action: Invalid value: "object": labelMap is required when type is LabelMap, and forbidden otherwise' - name: Should reject PrometheusConfig with RelabelConfig name missing initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1580,7 +1585,8 @@ tests: remoteWrite: - url: https://remote.example.com/write writeRelabelConfigs: - - action: Keep + - action: + type: Keep expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Required value' - name: Should reject PrometheusConfig with RelabelConfig name too long initial: | @@ -1594,7 +1600,8 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: "this-is-a-very-long-relabel-config-name-that-exceeds-the-maximum-length-of-63-characters-and-should-be-rejected" - action: Keep + action: + type: Keep expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Too long: may not be more than 63 bytes' - name: Should reject PrometheusConfig with RelabelConfig name invalid characters initial: | @@ -1608,7 +1615,8 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: "invalid@name" - action: Keep + action: + type: Keep expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].name: Invalid value: "string": must contain only alphanumeric characters, hyphens, and underscores' - name: Should reject PrometheusConfig with RelabelConfig sourceLabels exceeding max items initial: | @@ -1622,7 +1630,6 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: relabel-config - action: Keep sourceLabels: - label1 - label2 @@ -1635,6 +1642,8 @@ tests: - label9 - label10 - label11 + action: + type: Keep expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].sourceLabels: Too many: 11: must have at most 10 items' - name: Should reject PrometheusConfig with RelabelConfig sourceLabels starting with __ initial: | @@ -1648,9 +1657,10 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: relabel-config - action: Keep sourceLabels: - __meta_kubernetes_pod_name + action: + type: Keep expectedError: "spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].sourceLabels[0]: Invalid value: \"string\": label names beginning with '__' (two underscores) are reserved for internal Prometheus use and are not allowed" - name: Should reject PrometheusConfig with RelabelConfig separator too long initial: | @@ -1664,8 +1674,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: relabel-config - action: Keep separator: ";;;;;;" + action: + type: Keep expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].separator: Too long: may not be more than 5 bytes' - name: Should reject PrometheusConfig with RelabelConfig regex exceeding max length initial: | @@ -1679,8 +1690,9 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: relabel-config - action: Keep regex: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + action: + type: Keep expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].regex: Too long: may not be more than 1000 bytes' - name: Should reject PrometheusConfig with Replace action missing targetLabel initial: | @@ -1694,9 +1706,10 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: replace-action - action: Replace - replace: {} - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].replace.targetLabel: Required value' + action: + type: Replace + replace: {} + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action.replace.targetLabel: Required value' - name: Should reject PrometheusConfig with Replace action targetLabel too long initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1709,10 +1722,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: replace-action - action: Replace - replace: - targetLabel: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].replace.targetLabel: Too long: may not be more than 128 bytes' + action: + type: Replace + replace: + targetLabel: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action.replace.targetLabel: Too long: may not be more than 128 bytes' - name: Should reject PrometheusConfig with Replace action replacement too long initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1725,11 +1739,12 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: replace-action - action: Replace - replace: - targetLabel: instance - replacement: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].replace.replacement: Too long: may not be more than 255 bytes' + action: + type: Replace + replace: + targetLabel: instance + replacement: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action.replace.replacement: Too long: may not be more than 255 bytes' - name: Should reject PrometheusConfig with HashMod action missing targetLabel initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1742,9 +1757,10 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: hashmod-action - action: HashMod - hashMod: {} - expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].hashMod.targetLabel: Required value' + action: + type: HashMod + hashMod: {} + expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[0].action.hashMod.targetLabel: Required value' - name: Should reject PrometheusConfig with writeRelabelConfigs duplicate names initial: | apiVersion: config.openshift.io/v1alpha1 @@ -1757,9 +1773,11 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: relabel-config - action: Keep + action: + type: Keep - name: relabel-config - action: Drop + action: + type: Drop expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs[1]: Duplicate value: map[string]interface {}{"name":"relabel-config"}' - name: Should reject PrometheusConfig with writeRelabelConfigs exceeding max items initial: | @@ -1773,25 +1791,36 @@ tests: - url: https://remote.example.com/write writeRelabelConfigs: - name: config1 - action: Keep + action: + type: Keep - name: config2 - action: Keep + action: + type: Keep - name: config3 - action: Keep + action: + type: Keep - name: config4 - action: Keep + action: + type: Keep - name: config5 - action: Keep + action: + type: Keep - name: config6 - action: Keep + action: + type: Keep - name: config7 - action: Keep + action: + type: Keep - name: config8 - action: Keep + action: + type: Keep - name: config9 - action: Keep + action: + type: Keep - name: config10 - action: Keep + action: + type: Keep - name: config11 - action: Keep + action: + type: Keep expectedError: 'spec.prometheusConfig.remoteWrite[0].writeRelabelConfigs: Too many: 11: must have at most 10 items' diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index e6ce5e8c230..e213e4a8213 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -793,7 +793,9 @@ type RemoteWriteSpec struct { // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" URL string `json:"url,omitempty"` // name is an optional identifier for this remote write configuration. + // This name is used in metrics and logging to differentiate remote write queues. // When omitted, Prometheus generates a unique name automatically. + // If specified, this name must be unique. // Must contain only alphanumeric characters, hyphens, and underscores. // Must be between 1 and 63 characters in length when specified. // +optional @@ -1072,9 +1074,6 @@ type Sigv4 struct { } // RelabelConfig represents a relabeling rule. -// Exactly one action-specific configuration must be specified based on the action type. -// +kubebuilder:validation:XValidation:rule="(self.action == 'Replace' ? has(self.replace) : !has(self.replace)) && (self.action == 'HashMod' ? has(self.hashMod) : !has(self.hashMod)) && (self.action == 'Lowercase' ? has(self.lowercase) : !has(self.lowercase)) && (self.action == 'Uppercase' ? has(self.uppercase) : !has(self.uppercase)) && (self.action == 'KeepEqual' ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action == 'DropEqual' ? has(self.dropEqual) : !has(self.dropEqual)) && (self.action == 'LabelMap' ? has(self.labelMap) : !has(self.labelMap))",message="exactly one action-specific configuration must be specified and must match the action type" -// +union type RelabelConfig struct { // name is a unique identifier for this relabel configuration. // Must contain only alphanumeric characters, hyphens, and underscores. @@ -1093,7 +1092,7 @@ type RelabelConfig struct { // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. // Each entry must be unique. // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - // Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + // Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). // +optional @@ -1125,7 +1124,24 @@ type RelabelConfig struct { // +kubebuilder:validation:MaxLength=1000 Regex string `json:"regex,omitempty"` - // action is the action to perform on the matched labels. + // action defines the action to perform on the matched labels and its configuration. + // Exactly one action-specific configuration must be specified based on the action type. + // +required + Action RelabelActionConfig `json:"action"` +} + +// RelabelActionConfig represents the action to perform and its configuration. +// Exactly one action-specific configuration must be specified based on the action type. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Replace' ? has(self.replace) : !has(self.replace)",message="replace is required when type is Replace, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'HashMod' ? has(self.hashMod) : !has(self.hashMod)",message="hashMod is required when type is HashMod, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Lowercase' ? has(self.lowercase) : !has(self.lowercase)",message="lowercase is required when type is Lowercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uppercase' ? has(self.uppercase) : !has(self.uppercase)",message="uppercase is required when type is Uppercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KeepEqual' ? has(self.keepEqual) : !has(self.keepEqual)",message="keepEqual is required when type is KeepEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'DropEqual' ? has(self.dropEqual) : !has(self.dropEqual)",message="dropEqual is required when type is DropEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'LabelMap' ? has(self.labelMap) : !has(self.labelMap)",message="labelMap is required when type is LabelMap, and forbidden otherwise" +// +union +type RelabelActionConfig struct { + // type specifies the action to perform on the matched labels. // Valid actions are: // - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. // - Keep: Keeps only metrics where regex matches the source labels. @@ -1140,50 +1156,50 @@ type RelabelConfig struct { // - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. // +required // +unionDiscriminator - Action RelabelAction `json:"action,omitempty"` + Type RelabelAction `json:"type,omitempty"` // replace configures the Replace action. - // Required when action is Replace. + // Required when type is Replace. // +unionMember // +optional Replace ReplaceActionConfig `json:"replace,omitempty,omitzero"` // hashMod configures the HashMod action. - // Required when action is HashMod. + // Required when type is HashMod. // +unionMember // +optional HashMod HashModActionConfig `json:"hashMod,omitempty,omitzero"` // lowercase configures the Lowercase action. - // Required when action is Lowercase. + // Required when type is Lowercase. // Requires Prometheus >= v2.36.0. // +unionMember // +optional Lowercase LowercaseActionConfig `json:"lowercase,omitempty,omitzero"` // uppercase configures the Uppercase action. - // Required when action is Uppercase. + // Required when type is Uppercase. // Requires Prometheus >= v2.36.0. // +unionMember // +optional Uppercase UppercaseActionConfig `json:"uppercase,omitempty,omitzero"` // keepEqual configures the KeepEqual action. - // Required when action is KeepEqual. + // Required when type is KeepEqual. // Requires Prometheus >= v2.41.0. // +unionMember // +optional KeepEqual KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"` // dropEqual configures the DropEqual action. - // Required when action is DropEqual. + // Required when type is DropEqual. // Requires Prometheus >= v2.41.0. // +unionMember // +optional DropEqual DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` // labelMap configures the LabelMap action. - // Required when action is LabelMap. + // Required when type is LabelMap. // +unionMember // +optional LabelMap *LabelMapActionConfig `json:"labelMap,omitempty,omitzero"` diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 817100a36fd..532d9eac45c 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1922,7 +1922,9 @@ spec: name: description: |- name is an optional identifier for this remote write configuration. + This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. + If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified. maxLength: 63 @@ -2426,116 +2428,192 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: |- - RelabelConfig represents a relabeling rule. - Exactly one action-specific configuration must be specified based on the action type. + description: RelabelConfig represents a relabeling rule. properties: action: description: |- - action is the action to perform on the matched labels. - Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - type: string - dropEqual: - description: |- - dropEqual configures the DropEqual action. - Required when action is DropEqual. - Requires Prometheus >= v2.41.0. + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. properties: - targetLabel: + dropEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - hashMod: - description: |- - hashMod configures the HashMod action. - Required when action is HashMod. - properties: - targetLabel: + dropEqual configures the DropEqual action. + Required when type is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - keepEqual: - description: |- - keepEqual configures the KeepEqual action. - Required when action is KeepEqual. - Requires Prometheus >= v2.41.0. - properties: - targetLabel: + hashMod configures the HashMod action. + Required when type is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - labelMap: - description: |- - labelMap configures the LabelMap action. - Required when action is LabelMap. - properties: - replacement: + keepEqual configures the KeepEqual action. + Required when type is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Must be at most 255 characters in length. - maxLength: 255 - type: string - type: object - lowercase: - description: |- - lowercase configures the Lowercase action. - Required when action is Lowercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: + labelMap configures the LabelMap action. + Required when type is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + type: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 + type specifies the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - - targetLabel + - type type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' name: description: |- name is a unique identifier for this relabel configuration. @@ -2558,31 +2636,6 @@ spec: maxLength: 1000 minLength: 1 type: string - replace: - description: |- - replace configures the Replace action. - Required when action is Replace. - properties: - replacement: - description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object separator: description: |- separator is the character sequence used to join source label values. @@ -2603,7 +2656,7 @@ spec: Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: @@ -2619,39 +2672,10 @@ spec: minItems: 1 type: array x-kubernetes-list-type: set - uppercase: - description: |- - uppercase configures the Uppercase action. - Required when action is Uppercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object required: - action - name type: object - x-kubernetes-validations: - - message: exactly one action-specific configuration must - be specified and must match the action type - rule: '(self.action == ''Replace'' ? has(self.replace) - : !has(self.replace)) && (self.action == ''HashMod'' - ? has(self.hashMod) : !has(self.hashMod)) && (self.action - == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) - && (self.action == ''Uppercase'' ? has(self.uppercase) - : !has(self.uppercase)) && (self.action == ''KeepEqual'' - ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action - == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) - && (self.action == ''LabelMap'' ? has(self.labelMap) - : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 56e78a7b5f5..a4c3ab56850 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1922,7 +1922,9 @@ spec: name: description: |- name is an optional identifier for this remote write configuration. + This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. + If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified. maxLength: 63 @@ -2426,116 +2428,192 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: |- - RelabelConfig represents a relabeling rule. - Exactly one action-specific configuration must be specified based on the action type. + description: RelabelConfig represents a relabeling rule. properties: action: description: |- - action is the action to perform on the matched labels. - Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - type: string - dropEqual: - description: |- - dropEqual configures the DropEqual action. - Required when action is DropEqual. - Requires Prometheus >= v2.41.0. + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. properties: - targetLabel: + dropEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - hashMod: - description: |- - hashMod configures the HashMod action. - Required when action is HashMod. - properties: - targetLabel: + dropEqual configures the DropEqual action. + Required when type is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - keepEqual: - description: |- - keepEqual configures the KeepEqual action. - Required when action is KeepEqual. - Requires Prometheus >= v2.41.0. - properties: - targetLabel: + hashMod configures the HashMod action. + Required when type is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - labelMap: - description: |- - labelMap configures the LabelMap action. - Required when action is LabelMap. - properties: - replacement: + keepEqual configures the KeepEqual action. + Required when type is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Must be at most 255 characters in length. - maxLength: 255 - type: string - type: object - lowercase: - description: |- - lowercase configures the Lowercase action. - Required when action is Lowercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: + labelMap configures the LabelMap action. + Required when type is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + type: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 + type specifies the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - - targetLabel + - type type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' name: description: |- name is a unique identifier for this relabel configuration. @@ -2558,31 +2636,6 @@ spec: maxLength: 1000 minLength: 1 type: string - replace: - description: |- - replace configures the Replace action. - Required when action is Replace. - properties: - replacement: - description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object separator: description: |- separator is the character sequence used to join source label values. @@ -2603,7 +2656,7 @@ spec: Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: @@ -2619,39 +2672,10 @@ spec: minItems: 1 type: array x-kubernetes-list-type: set - uppercase: - description: |- - uppercase configures the Uppercase action. - Required when action is Uppercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object required: - action - name type: object - x-kubernetes-validations: - - message: exactly one action-specific configuration must - be specified and must match the action type - rule: '(self.action == ''Replace'' ? has(self.replace) - : !has(self.replace)) && (self.action == ''HashMod'' - ? has(self.hashMod) : !has(self.hashMod)) && (self.action - == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) - && (self.action == ''Uppercase'' ? has(self.uppercase) - : !has(self.uppercase)) && (self.action == ''KeepEqual'' - ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action - == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) - && (self.action == ''LabelMap'' ? has(self.labelMap) - : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 1a4ac2ecdbd..12a15229627 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1922,7 +1922,9 @@ spec: name: description: |- name is an optional identifier for this remote write configuration. + This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. + If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified. maxLength: 63 @@ -2426,116 +2428,192 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: |- - RelabelConfig represents a relabeling rule. - Exactly one action-specific configuration must be specified based on the action type. + description: RelabelConfig represents a relabeling rule. properties: action: description: |- - action is the action to perform on the matched labels. - Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - type: string - dropEqual: - description: |- - dropEqual configures the DropEqual action. - Required when action is DropEqual. - Requires Prometheus >= v2.41.0. + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. properties: - targetLabel: + dropEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - hashMod: - description: |- - hashMod configures the HashMod action. - Required when action is HashMod. - properties: - targetLabel: + dropEqual configures the DropEqual action. + Required when type is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - keepEqual: - description: |- - keepEqual configures the KeepEqual action. - Required when action is KeepEqual. - Requires Prometheus >= v2.41.0. - properties: - targetLabel: + hashMod configures the HashMod action. + Required when type is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - labelMap: - description: |- - labelMap configures the LabelMap action. - Required when action is LabelMap. - properties: - replacement: + keepEqual configures the KeepEqual action. + Required when type is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Must be at most 255 characters in length. - maxLength: 255 - type: string - type: object - lowercase: - description: |- - lowercase configures the Lowercase action. - Required when action is Lowercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: + labelMap configures the LabelMap action. + Required when type is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + type: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 + type specifies the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - - targetLabel + - type type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' name: description: |- name is a unique identifier for this relabel configuration. @@ -2558,31 +2636,6 @@ spec: maxLength: 1000 minLength: 1 type: string - replace: - description: |- - replace configures the Replace action. - Required when action is Replace. - properties: - replacement: - description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object separator: description: |- separator is the character sequence used to join source label values. @@ -2603,7 +2656,7 @@ spec: Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: @@ -2619,39 +2672,10 @@ spec: minItems: 1 type: array x-kubernetes-list-type: set - uppercase: - description: |- - uppercase configures the Uppercase action. - Required when action is Uppercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object required: - action - name type: object - x-kubernetes-validations: - - message: exactly one action-specific configuration must - be specified and must match the action type - rule: '(self.action == ''Replace'' ? has(self.replace) - : !has(self.replace)) && (self.action == ''HashMod'' - ? has(self.hashMod) : !has(self.hashMod)) && (self.action - == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) - && (self.action == ''Uppercase'' ? has(self.uppercase) - : !has(self.uppercase)) && (self.action == ''KeepEqual'' - ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action - == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) - && (self.action == ''LabelMap'' ? has(self.labelMap) - : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index debe91fc726..4515e8ddfd9 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -1408,13 +1408,8 @@ func (in *QueueConfig) DeepCopy() *QueueConfig { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { +func (in *RelabelActionConfig) DeepCopyInto(out *RelabelActionConfig) { *out = *in - if in.SourceLabels != nil { - in, out := &in.SourceLabels, &out.SourceLabels - *out = make([]string, len(*in)) - copy(*out, *in) - } in.Replace.DeepCopyInto(&out.Replace) out.HashMod = in.HashMod out.Lowercase = in.Lowercase @@ -1429,6 +1424,28 @@ func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { return } +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelActionConfig. +func (in *RelabelActionConfig) DeepCopy() *RelabelActionConfig { + if in == nil { + return nil + } + out := new(RelabelActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { + *out = *in + if in.SourceLabels != nil { + in, out := &in.SourceLabels, &out.SourceLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.Action.DeepCopyInto(&out.Action) + return +} + // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelConfig. func (in *RelabelConfig) DeepCopy() *RelabelConfig { if in == nil { diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index d64b50de168..173d4670e6a 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1922,7 +1922,9 @@ spec: name: description: |- name is an optional identifier for this remote write configuration. + This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. + If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified. maxLength: 63 @@ -2426,116 +2428,192 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: |- - RelabelConfig represents a relabeling rule. - Exactly one action-specific configuration must be specified based on the action type. + description: RelabelConfig represents a relabeling rule. properties: action: description: |- - action is the action to perform on the matched labels. - Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - type: string - dropEqual: - description: |- - dropEqual configures the DropEqual action. - Required when action is DropEqual. - Requires Prometheus >= v2.41.0. + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. properties: - targetLabel: + dropEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - hashMod: - description: |- - hashMod configures the HashMod action. - Required when action is HashMod. - properties: - targetLabel: + dropEqual configures the DropEqual action. + Required when type is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - keepEqual: - description: |- - keepEqual configures the KeepEqual action. - Required when action is KeepEqual. - Requires Prometheus >= v2.41.0. - properties: - targetLabel: + hashMod configures the HashMod action. + Required when type is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - labelMap: - description: |- - labelMap configures the LabelMap action. - Required when action is LabelMap. - properties: - replacement: + keepEqual configures the KeepEqual action. + Required when type is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Must be at most 255 characters in length. - maxLength: 255 - type: string - type: object - lowercase: - description: |- - lowercase configures the Lowercase action. - Required when action is Lowercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: + labelMap configures the LabelMap action. + Required when type is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + type: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 + type specifies the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - - targetLabel + - type type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' name: description: |- name is a unique identifier for this relabel configuration. @@ -2558,31 +2636,6 @@ spec: maxLength: 1000 minLength: 1 type: string - replace: - description: |- - replace configures the Replace action. - Required when action is Replace. - properties: - replacement: - description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object separator: description: |- separator is the character sequence used to join source label values. @@ -2603,7 +2656,7 @@ spec: Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: @@ -2619,39 +2672,10 @@ spec: minItems: 1 type: array x-kubernetes-list-type: set - uppercase: - description: |- - uppercase configures the Uppercase action. - Required when action is Uppercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object required: - action - name type: object - x-kubernetes-validations: - - message: exactly one action-specific configuration must - be specified and must match the action type - rule: '(self.action == ''Replace'' ? has(self.replace) - : !has(self.replace)) && (self.action == ''HashMod'' - ? has(self.hashMod) : !has(self.hashMod)) && (self.action - == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) - && (self.action == ''Uppercase'' ? has(self.uppercase) - : !has(self.uppercase)) && (self.action == ''KeepEqual'' - ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action - == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) - && (self.action == ''LabelMap'' ? has(self.labelMap) - : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 206346fea90..80b6f4c6738 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -382,20 +382,29 @@ func (QueueConfig) SwaggerDoc() map[string]string { return map_QueueConfig } +var map_RelabelActionConfig = map[string]string{ + "": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "type": "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", + "replace": "replace configures the Replace action. Required when type is Replace.", + "hashMod": "hashMod configures the HashMod action. Required when type is HashMod.", + "lowercase": "lowercase configures the Lowercase action. Required when type is Lowercase. Requires Prometheus >= v2.36.0.", + "uppercase": "uppercase configures the Uppercase action. Required when type is Uppercase. Requires Prometheus >= v2.36.0.", + "keepEqual": "keepEqual configures the KeepEqual action. Required when type is KeepEqual. Requires Prometheus >= v2.41.0.", + "dropEqual": "dropEqual configures the DropEqual action. Required when type is DropEqual. Requires Prometheus >= v2.41.0.", + "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap.", +} + +func (RelabelActionConfig) SwaggerDoc() map[string]string { + return map_RelabelActionConfig +} + var map_RelabelConfig = map[string]string{ - "": "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", + "": "RelabelConfig represents a relabeling rule.", "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", - "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", "separator": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", - "action": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", - "replace": "replace configures the Replace action. Required when action is Replace.", - "hashMod": "hashMod configures the HashMod action. Required when action is HashMod.", - "lowercase": "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", - "uppercase": "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", - "keepEqual": "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", - "dropEqual": "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", - "labelMap": "labelMap configures the LabelMap action. Required when action is LabelMap.", + "action": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", } func (RelabelConfig) SwaggerDoc() map[string]string { @@ -405,7 +414,7 @@ func (RelabelConfig) SwaggerDoc() map[string]string { var map_RemoteWriteSpec = map[string]string{ "": "RemoteWriteSpec represents configuration for remote write endpoints.", "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", - "name": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "name": "name is an optional identifier for this remote write configuration. This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", "authorization": "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", "basicAuth": "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 0c09e8f5e2d..1ba80423107 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -502,6 +502,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.PrometheusConfig": schema_openshift_api_config_v1alpha1_PrometheusConfig(ref), "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), "github.com/openshift/api/config/v1alpha1.QueueConfig": schema_openshift_api_config_v1alpha1_QueueConfig(ref), + "github.com/openshift/api/config/v1alpha1.RelabelActionConfig": schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref), "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig": schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref), @@ -24858,129 +24859,84 @@ func schema_openshift_api_config_v1alpha1_QueueConfig(ref common.ReferenceCallba } } -func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", + Description: "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", - Type: []string{"string"}, - Format: "", - }, - }, - "sourceLabels": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "separator": { - SchemaProps: spec.SchemaProps{ - Description: "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", - Type: []string{"string"}, - Format: "", - }, - }, - "regex": { - SchemaProps: spec.SchemaProps{ - Description: "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", - Type: []string{"string"}, - Format: "", - }, - }, - "action": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", + Description: "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", Type: []string{"string"}, Format: "", }, }, "replace": { SchemaProps: spec.SchemaProps{ - Description: "replace configures the Replace action. Required when action is Replace.", + Description: "replace configures the Replace action. Required when type is Replace.", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.ReplaceActionConfig"), }, }, "hashMod": { SchemaProps: spec.SchemaProps{ - Description: "hashMod configures the HashMod action. Required when action is HashMod.", + Description: "hashMod configures the HashMod action. Required when type is HashMod.", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.HashModActionConfig"), }, }, "lowercase": { SchemaProps: spec.SchemaProps{ - Description: "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", + Description: "lowercase configures the Lowercase action. Required when type is Lowercase. Requires Prometheus >= v2.36.0.", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.LowercaseActionConfig"), }, }, "uppercase": { SchemaProps: spec.SchemaProps{ - Description: "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", + Description: "uppercase configures the Uppercase action. Required when type is Uppercase. Requires Prometheus >= v2.36.0.", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"), }, }, "keepEqual": { SchemaProps: spec.SchemaProps{ - Description: "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", + Description: "keepEqual configures the KeepEqual action. Required when type is KeepEqual. Requires Prometheus >= v2.41.0.", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig"), }, }, "dropEqual": { SchemaProps: spec.SchemaProps{ - Description: "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", + Description: "dropEqual configures the DropEqual action. Required when type is DropEqual. Requires Prometheus >= v2.41.0.", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.DropEqualActionConfig"), }, }, "labelMap": { SchemaProps: spec.SchemaProps{ - Description: "labelMap configures the LabelMap action. Required when action is LabelMap.", + Description: "labelMap configures the LabelMap action. Required when type is LabelMap.", Ref: ref("github.com/openshift/api/config/v1alpha1.LabelMapActionConfig"), }, }, }, - Required: []string{"name", "action"}, + Required: []string{"type"}, }, VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-unions": []interface{}{ map[string]interface{}{ - "discriminator": "action", + "discriminator": "type", "fields-to-discriminateBy": map[string]interface{}{ - "dropEqual": "DropEqual", - "hashMod": "HashMod", - "keepEqual": "KeepEqual", - "labelMap": "LabelMap", - "lowercase": "Lowercase", - "name": "Name", - "regex": "Regex", - "replace": "Replace", - "separator": "Separator", - "sourceLabels": "SourceLabels", - "uppercase": "Uppercase", + "dropEqual": "DropEqual", + "hashMod": "HashMod", + "keepEqual": "KeepEqual", + "labelMap": "LabelMap", + "lowercase": "Lowercase", + "replace": "Replace", + "uppercase": "Uppercase", }, }, }, @@ -24992,6 +24948,70 @@ func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCall } } +func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RelabelConfig represents a relabeling rule.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "sourceLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "separator": { + SchemaProps: spec.SchemaProps{ + Description: "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "regex": { + SchemaProps: spec.SchemaProps{ + Description: "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelActionConfig"), + }, + }, + }, + Required: []string{"name", "action"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.RelabelActionConfig"}, + } +} + func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -25008,7 +25028,7 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + Description: "name is an optional identifier for this remote write configuration. This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", Type: []string{"string"}, Format: "", }, diff --git a/openapi/openapi.json b/openapi/openapi.json index ff1d6d6e31c..ff0b04e6f5a 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -13464,93 +13464,103 @@ } } }, - "com.github.openshift.api.config.v1alpha1.RelabelConfig": { - "description": "RelabelConfig represents a relabeling rule. Exactly one action-specific configuration must be specified based on the action type.", + "com.github.openshift.api.config.v1alpha1.RelabelActionConfig": { + "description": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", "type": "object", "required": [ - "name", - "action" + "type" ], "properties": { - "action": { - "description": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", - "type": "string" - }, "dropEqual": { - "description": "dropEqual configures the DropEqual action. Required when action is DropEqual. Requires Prometheus >= v2.41.0.", + "description": "dropEqual configures the DropEqual action. Required when type is DropEqual. Requires Prometheus >= v2.41.0.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DropEqualActionConfig" }, "hashMod": { - "description": "hashMod configures the HashMod action. Required when action is HashMod.", + "description": "hashMod configures the HashMod action. Required when type is HashMod.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.HashModActionConfig" }, "keepEqual": { - "description": "keepEqual configures the KeepEqual action. Required when action is KeepEqual. Requires Prometheus >= v2.41.0.", + "description": "keepEqual configures the KeepEqual action. Required when type is KeepEqual. Requires Prometheus >= v2.41.0.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig" }, "labelMap": { - "description": "labelMap configures the LabelMap action. Required when action is LabelMap.", + "description": "labelMap configures the LabelMap action. Required when type is LabelMap.", "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LabelMapActionConfig" }, "lowercase": { - "description": "lowercase configures the Lowercase action. Required when action is Lowercase. Requires Prometheus >= v2.36.0.", + "description": "lowercase configures the Lowercase action. Required when type is Lowercase. Requires Prometheus >= v2.36.0.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LowercaseActionConfig" }, - "name": { - "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", - "type": "string" - }, - "regex": { - "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", - "type": "string" - }, "replace": { - "description": "replace configures the Replace action. Required when action is Replace.", + "description": "replace configures the Replace action. Required when type is Replace.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" }, - "separator": { - "description": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "type": { + "description": "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", "type": "string" }, - "sourceLabels": { - "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, "uppercase": { - "description": "uppercase configures the Uppercase action. Required when action is Uppercase. Requires Prometheus >= v2.36.0.", + "description": "uppercase configures the Uppercase action. Required when type is Uppercase. Requires Prometheus >= v2.36.0.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UppercaseActionConfig" } }, "x-kubernetes-unions": [ { - "discriminator": "action", + "discriminator": "type", "fields-to-discriminateBy": { "dropEqual": "DropEqual", "hashMod": "HashMod", "keepEqual": "KeepEqual", "labelMap": "LabelMap", "lowercase": "Lowercase", - "name": "Name", - "regex": "Regex", "replace": "Replace", - "separator": "Separator", - "sourceLabels": "SourceLabels", "uppercase": "Uppercase" } } ] }, + "com.github.openshift.api.config.v1alpha1.RelabelConfig": { + "description": "RelabelConfig represents a relabeling rule.", + "type": "object", + "required": [ + "name", + "action" + ], + "properties": { + "action": { + "description": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelActionConfig" + }, + "name": { + "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "type": "string" + }, + "regex": { + "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "type": "string" + }, + "separator": { + "description": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "type": "string" + }, + "sourceLabels": { + "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + } + } + }, "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec": { "description": "RemoteWriteSpec represents configuration for remote write endpoints.", "type": "object", @@ -13583,7 +13593,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfig" }, "name": { - "description": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "description": "name is an optional identifier for this remote write configuration. This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", "type": "string" }, "oauth2": { diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 817100a36fd..532d9eac45c 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1922,7 +1922,9 @@ spec: name: description: |- name is an optional identifier for this remote write configuration. + This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. + If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified. maxLength: 63 @@ -2426,116 +2428,192 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: |- - RelabelConfig represents a relabeling rule. - Exactly one action-specific configuration must be specified based on the action type. + description: RelabelConfig represents a relabeling rule. properties: action: description: |- - action is the action to perform on the matched labels. - Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - type: string - dropEqual: - description: |- - dropEqual configures the DropEqual action. - Required when action is DropEqual. - Requires Prometheus >= v2.41.0. + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. properties: - targetLabel: + dropEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - hashMod: - description: |- - hashMod configures the HashMod action. - Required when action is HashMod. - properties: - targetLabel: + dropEqual configures the DropEqual action. + Required when type is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - keepEqual: - description: |- - keepEqual configures the KeepEqual action. - Required when action is KeepEqual. - Requires Prometheus >= v2.41.0. - properties: - targetLabel: + hashMod configures the HashMod action. + Required when type is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - labelMap: - description: |- - labelMap configures the LabelMap action. - Required when action is LabelMap. - properties: - replacement: + keepEqual configures the KeepEqual action. + Required when type is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Must be at most 255 characters in length. - maxLength: 255 - type: string - type: object - lowercase: - description: |- - lowercase configures the Lowercase action. - Required when action is Lowercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: + labelMap configures the LabelMap action. + Required when type is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + type: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 + type specifies the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - - targetLabel + - type type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' name: description: |- name is a unique identifier for this relabel configuration. @@ -2558,31 +2636,6 @@ spec: maxLength: 1000 minLength: 1 type: string - replace: - description: |- - replace configures the Replace action. - Required when action is Replace. - properties: - replacement: - description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object separator: description: |- separator is the character sequence used to join source label values. @@ -2603,7 +2656,7 @@ spec: Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: @@ -2619,39 +2672,10 @@ spec: minItems: 1 type: array x-kubernetes-list-type: set - uppercase: - description: |- - uppercase configures the Uppercase action. - Required when action is Uppercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object required: - action - name type: object - x-kubernetes-validations: - - message: exactly one action-specific configuration must - be specified and must match the action type - rule: '(self.action == ''Replace'' ? has(self.replace) - : !has(self.replace)) && (self.action == ''HashMod'' - ? has(self.hashMod) : !has(self.hashMod)) && (self.action - == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) - && (self.action == ''Uppercase'' ? has(self.uppercase) - : !has(self.uppercase)) && (self.action == ''KeepEqual'' - ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action - == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) - && (self.action == ''LabelMap'' ? has(self.labelMap) - : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 56e78a7b5f5..a4c3ab56850 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1922,7 +1922,9 @@ spec: name: description: |- name is an optional identifier for this remote write configuration. + This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. + If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified. maxLength: 63 @@ -2426,116 +2428,192 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: |- - RelabelConfig represents a relabeling rule. - Exactly one action-specific configuration must be specified based on the action type. + description: RelabelConfig represents a relabeling rule. properties: action: description: |- - action is the action to perform on the matched labels. - Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - type: string - dropEqual: - description: |- - dropEqual configures the DropEqual action. - Required when action is DropEqual. - Requires Prometheus >= v2.41.0. + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. properties: - targetLabel: + dropEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - hashMod: - description: |- - hashMod configures the HashMod action. - Required when action is HashMod. - properties: - targetLabel: + dropEqual configures the DropEqual action. + Required when type is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - keepEqual: - description: |- - keepEqual configures the KeepEqual action. - Required when action is KeepEqual. - Requires Prometheus >= v2.41.0. - properties: - targetLabel: + hashMod configures the HashMod action. + Required when type is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - labelMap: - description: |- - labelMap configures the LabelMap action. - Required when action is LabelMap. - properties: - replacement: + keepEqual configures the KeepEqual action. + Required when type is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Must be at most 255 characters in length. - maxLength: 255 - type: string - type: object - lowercase: - description: |- - lowercase configures the Lowercase action. - Required when action is Lowercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: + labelMap configures the LabelMap action. + Required when type is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + type: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 + type specifies the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - - targetLabel + - type type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' name: description: |- name is a unique identifier for this relabel configuration. @@ -2558,31 +2636,6 @@ spec: maxLength: 1000 minLength: 1 type: string - replace: - description: |- - replace configures the Replace action. - Required when action is Replace. - properties: - replacement: - description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object separator: description: |- separator is the character sequence used to join source label values. @@ -2603,7 +2656,7 @@ spec: Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: @@ -2619,39 +2672,10 @@ spec: minItems: 1 type: array x-kubernetes-list-type: set - uppercase: - description: |- - uppercase configures the Uppercase action. - Required when action is Uppercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object required: - action - name type: object - x-kubernetes-validations: - - message: exactly one action-specific configuration must - be specified and must match the action type - rule: '(self.action == ''Replace'' ? has(self.replace) - : !has(self.replace)) && (self.action == ''HashMod'' - ? has(self.hashMod) : !has(self.hashMod)) && (self.action - == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) - && (self.action == ''Uppercase'' ? has(self.uppercase) - : !has(self.uppercase)) && (self.action == ''KeepEqual'' - ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action - == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) - && (self.action == ''LabelMap'' ? has(self.labelMap) - : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 1a4ac2ecdbd..12a15229627 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1922,7 +1922,9 @@ spec: name: description: |- name is an optional identifier for this remote write configuration. + This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. + If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified. maxLength: 63 @@ -2426,116 +2428,192 @@ spec: Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name. items: - description: |- - RelabelConfig represents a relabeling rule. - Exactly one action-specific configuration must be specified based on the action type. + description: RelabelConfig represents a relabeling rule. properties: action: description: |- - action is the action to perform on the matched labels. - Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - - Lowercase - - Uppercase - - KeepEqual - - DropEqual - type: string - dropEqual: - description: |- - dropEqual configures the DropEqual action. - Required when action is DropEqual. - Requires Prometheus >= v2.41.0. + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. properties: - targetLabel: + dropEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - hashMod: - description: |- - hashMod configures the HashMod action. - Required when action is HashMod. - properties: - targetLabel: + dropEqual configures the DropEqual action. + Required when type is DropEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - keepEqual: - description: |- - keepEqual configures the KeepEqual action. - Required when action is KeepEqual. - Requires Prometheus >= v2.41.0. - properties: - targetLabel: + hashMod configures the HashMod action. + Required when type is HashMod. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + keepEqual: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object - labelMap: - description: |- - labelMap configures the LabelMap action. - Required when action is LabelMap. - properties: - replacement: + keepEqual configures the KeepEqual action. + Required when type is KeepEqual. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Must be at most 255 characters in length. - maxLength: 255 - type: string - type: object - lowercase: - description: |- - lowercase configures the Lowercase action. - Required when action is Lowercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: + labelMap configures the LabelMap action. + Required when type is LabelMap. + properties: + replacement: + description: |- + replacement value used to derive new label names from labels matching the regex. + Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Must be at most 255 characters in length. + maxLength: 255 + type: string + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace. + properties: + replacement: + description: |- + replacement value against which a Replace action is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + type: description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 + type specifies the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. + - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. + - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object required: - - targetLabel + - type type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' name: description: |- name is a unique identifier for this relabel configuration. @@ -2558,31 +2636,6 @@ spec: maxLength: 1000 minLength: 1 type: string - replace: - description: |- - replace configures the Replace action. - Required when action is Replace. - properties: - replacement: - description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). - When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - The default value is "$1" (the first capture group). - Setting to an empty string ("") explicitly clears the target label value. - Must be at most 255 characters in length. - maxLength: 255 - type: string - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object separator: description: |- separator is the character sequence used to join source label values. @@ -2603,7 +2656,7 @@ spec: Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. - Label names SHOULD match the regex [a-zA-Z_][a-zA-Z0-9_]* for best compatibility. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). items: @@ -2619,39 +2672,10 @@ spec: minItems: 1 type: array x-kubernetes-list-type: set - uppercase: - description: |- - uppercase configures the Uppercase action. - Required when action is Uppercase. - Requires Prometheus >= v2.36.0. - properties: - targetLabel: - description: |- - targetLabel is the target label name where the result is written. - Must be between 1 and 128 characters in length. - maxLength: 128 - minLength: 1 - type: string - required: - - targetLabel - type: object required: - action - name type: object - x-kubernetes-validations: - - message: exactly one action-specific configuration must - be specified and must match the action type - rule: '(self.action == ''Replace'' ? has(self.replace) - : !has(self.replace)) && (self.action == ''HashMod'' - ? has(self.hashMod) : !has(self.hashMod)) && (self.action - == ''Lowercase'' ? has(self.lowercase) : !has(self.lowercase)) - && (self.action == ''Uppercase'' ? has(self.uppercase) - : !has(self.uppercase)) && (self.action == ''KeepEqual'' - ? has(self.keepEqual) : !has(self.keepEqual)) && (self.action - == ''DropEqual'' ? has(self.dropEqual) : !has(self.dropEqual)) - && (self.action == ''LabelMap'' ? has(self.labelMap) - : !has(self.labelMap))' maxItems: 10 minItems: 1 type: array From 6469904e5e3ac12676693eba6fcf261ca5f80311 Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Wed, 28 Jan 2026 11:33:52 +0100 Subject: [PATCH 6/9] fix linter Signed-off-by: Mario Fernandez --- config/v1alpha1/types_cluster_monitoring.go | 99 +++++++++++++------ ...lustermonitorings-CustomNoUpgrade.crd.yaml | 47 +++++---- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 47 +++++---- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 47 +++++---- config/v1alpha1/zz_generated.deepcopy.go | 52 +++++----- .../ClusterMonitoringConfig.yaml | 47 +++++---- .../zz_generated.swagger_doc_generated.go | 6 +- .../generated_openapi/zz_generated.openapi.go | 21 ++-- openapi/openapi.json | 19 ++-- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 47 +++++---- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 47 +++++---- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 47 +++++---- 12 files changed, 331 insertions(+), 195 deletions(-) diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index e213e4a8213..0f527d9bf61 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -816,11 +816,11 @@ type RemoteWriteSpec struct { // authorization defines the authorization settings for remote write storage. // When omitted, no authorization is performed. // +optional - Authorization *SafeAuthorization `json:"authorization,omitempty,omitzero"` + Authorization SafeAuthorization `json:"authorization,omitempty,omitzero"` // basicAuth defines basic authentication settings for the remote write endpoint URL. // When omitted, no basic authentication is performed. // +optional - BasicAuth *BasicAuth `json:"basicAuth,omitempty,omitzero"` + BasicAuth BasicAuth `json:"basicAuth,omitempty,omitzero"` // bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. // However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. // When omitted, no bearer token file is used. @@ -844,7 +844,7 @@ type RemoteWriteSpec struct { // oauth2 defines OAuth2 authentication settings for the remote write endpoint. // When omitted, no OAuth2 authentication is performed. // +optional - OAuth2 *OAuth2 `json:"oauth2,omitempty,omitzero"` + OAuth2 OAuth2 `json:"oauth2,omitempty,omitzero"` // proxyUrl defines an optional proxy URL. // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. @@ -866,14 +866,15 @@ type RemoteWriteSpec struct { // Minimum value is 1 second. // Maximum value is 10 minutes. // +optional - // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - RemoteTimeout string `json:"remoteTimeout,omitempty"` - // sendExemplars enables sending exemplars via remote write. - // When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + // +kubebuilder:validation:MaxLength=20 + RemoteTimeout *string `json:"remoteTimeout,omitempty"` + // sendExemplars defines whether exemplars are sent via remote write. + // When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - // When omitted, exemplars are not sent. + // When omitted or set to "Disabled", exemplars are not sent. + // Valid values are "Enabled" and "Disabled". // +optional - SendExemplars *bool `json:"sendExemplars,omitempty"` + SendExemplars ExemplarSendMode `json:"sendExemplars,omitempty"` // sigv4 defines AWS Signature Version 4 authentication settings. // When omitted, no AWS SigV4 authentication is performed. // +optional @@ -881,7 +882,7 @@ type RemoteWriteSpec struct { // tlsConfig defines TLS authentication settings for the remote write endpoint. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // +optional - TLSConfig *TLSConfig `json:"tlsConfig,omitempty,omitzero"` + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` } // SafeAuthorization defines the authorization settings for remote write storage. @@ -907,28 +908,29 @@ type BasicAuth struct { // username defines the secret reference containing the username for basic authentication. // The secret must exist in the openshift-monitoring namespace. // +required - Username SecretKeySelector `json:"username,omitempty"` + Username SecretKeySelector `json:"username,omitzero,omitempty"` // password defines the secret reference containing the password for basic authentication. // The secret must exist in the openshift-monitoring namespace. // +required - Password SecretKeySelector `json:"password,omitempty"` + Password SecretKeySelector `json:"password,omitzero,omitempty"` } // MetadataConfig defines settings for sending series metadata to remote write storage. type MetadataConfig struct { - // send enables sending series metadata. - // When set to true, Prometheus sends metadata about time series to the remote write endpoint. - // When omitted or set to false, no metadata is sent. + // send defines whether series metadata is sent to the remote write endpoint. + // When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + // When omitted or set to "Disabled", no metadata is sent. + // Valid values are "Enabled" and "Disabled". // +optional - Send *bool `json:"send,omitempty"` + Send MetadataSendMode `json:"send,omitempty"` // sendInterval defines the interval at which metadata is sent. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // Must be a valid duration string (e.g., "30s", "1m", "5m"). // Minimum value is 1 second. // Maximum value is 24 hours. // +optional - // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - SendInterval string `json:"sendInterval,omitempty"` + // +kubebuilder:validation:MaxLength=20 + SendInterval *string `json:"sendInterval,omitempty"` } // OAuth2 defines OAuth2 authentication settings for the remote write endpoint. @@ -936,11 +938,11 @@ type OAuth2 struct { // clientId defines the secret reference containing the OAuth2 client ID. // The secret must exist in the openshift-monitoring namespace. // +required - ClientID SecretKeySelector `json:"clientId,omitempty"` + ClientID SecretKeySelector `json:"clientId,omitzero,omitempty"` // clientSecret defines the secret reference containing the OAuth2 client secret. // The secret must exist in the openshift-monitoring namespace. // +required - ClientSecret SecretKeySelector `json:"clientSecret,omitempty"` + ClientSecret SecretKeySelector `json:"clientSecret,omitzero,omitempty"` // tokenUrl is the URL to fetch the token from. // Must be a valid URL with http or https scheme. // Must be between 1 and 2048 characters in length. @@ -957,6 +959,7 @@ type OAuth2 struct { // +kubebuilder:validation:MaxItems=20 // +kubebuilder:validation:items:MinLength=1 // +kubebuilder:validation:items:MaxLength=256 + // +listType=atomic Scopes []string `json:"scopes,omitempty"` // endpointParams defines additional parameters to append to the token URL. // When omitted, no additional parameters are sent. @@ -1011,29 +1014,30 @@ type QueueConfig struct { // Minimum value is 1 second. // Maximum value is 1 hour. // +optional - // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - BatchSendDeadline string `json:"batchSendDeadline,omitempty"` + // +kubebuilder:validation:MaxLength=20 + BatchSendDeadline *string `json:"batchSendDeadline,omitempty"` // minBackoff is the minimum retry delay. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // Must be a valid duration string (e.g., "30ms", "1s"). // Minimum value is 1 millisecond. // Maximum value is 1 hour. // +optional - // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - MinBackoff string `json:"minBackoff,omitempty"` + // +kubebuilder:validation:MaxLength=20 + MinBackoff *string `json:"minBackoff,omitempty"` // maxBackoff is the maximum retry delay. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // Must be a valid duration string (e.g., "5s", "1m"). // Minimum value is 1 millisecond. // Maximum value is 1 hour. // +optional - // +kubebuilder:validation:Pattern=^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - MaxBackoff string `json:"maxBackoff,omitempty"` - // retryOnRateLimit enables retries on HTTP 429 responses. - // When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - // When omitted or set to false, no retries are performed on rate limit responses. + // +kubebuilder:validation:MaxLength=20 + MaxBackoff *string `json:"maxBackoff,omitempty"` + // retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + // When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + // When omitted or set to "Disabled", no retries are performed on rate limit responses. + // Valid values are "Enabled" and "Disabled". // +optional - RetryOnRateLimit *bool `json:"retryOnRateLimit,omitempty"` + RetryOnRateLimit RetryOnRateLimitMode `json:"retryOnRateLimit,omitempty"` } // Sigv4 defines AWS Signature Version 4 authentication settings. @@ -1127,7 +1131,7 @@ type RelabelConfig struct { // action defines the action to perform on the matched labels and its configuration. // Exactly one action-specific configuration must be specified based on the action type. // +required - Action RelabelActionConfig `json:"action"` + Action RelabelActionConfig `json:"action,omitzero"` } // RelabelActionConfig represents the action to perform and its configuration. @@ -1480,6 +1484,39 @@ const ( VerbosityLevelTraceAll VerbosityLevel = "TraceAll" ) +// ExemplarSendMode defines whether exemplars are sent via remote write. +// +kubebuilder:validation:Enum=Enabled;Disabled +type ExemplarSendMode string + +const ( + // ExemplarSendModeEnabled means exemplars are sent via remote write. + ExemplarSendModeEnabled ExemplarSendMode = "Enabled" + // ExemplarSendModeDisabled means exemplars are not sent via remote write. + ExemplarSendModeDisabled ExemplarSendMode = "Disabled" +) + +// MetadataSendMode defines whether series metadata is sent to remote write storage. +// +kubebuilder:validation:Enum=Enabled;Disabled +type MetadataSendMode string + +const ( + // MetadataSendModeEnabled means metadata is sent to the remote write endpoint. + MetadataSendModeEnabled MetadataSendMode = "Enabled" + // MetadataSendModeDisabled means no metadata is sent to the remote write endpoint. + MetadataSendModeDisabled MetadataSendMode = "Disabled" +) + +// RetryOnRateLimitMode defines whether to retry requests on HTTP 429 responses. +// +kubebuilder:validation:Enum=Enabled;Disabled +type RetryOnRateLimitMode string + +const ( + // RetryOnRateLimitModeEnabled means requests will be retried on HTTP 429 responses. + RetryOnRateLimitModeEnabled RetryOnRateLimitMode = "Enabled" + // RetryOnRateLimitModeDisabled means no retries are performed on HTTP 429 responses. + RetryOnRateLimitModeDisabled RetryOnRateLimitMode = "Disabled" +) + // Audit profile configurations type Audit struct { // profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 532d9eac45c..67bbf1ee32f 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1905,10 +1905,14 @@ spec: properties: send: description: |- - send enables sending series metadata. - When set to true, Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to false, no metadata is sent. - type: boolean + send defines whether series metadata is sent to the remote write endpoint. + When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "Disabled", no metadata is sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sendInterval: description: |- sendInterval defines the interval at which metadata is sent. @@ -1916,7 +1920,7 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 24 hours. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string type: object name: @@ -2031,6 +2035,7 @@ spec: type: string maxItems: 20 type: array + x-kubernetes-list-type: atomic tokenUrl: description: |- tokenUrl is the URL to fetch the token from. @@ -2075,7 +2080,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string capacity: description: |- @@ -2095,7 +2100,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string maxSamplesPerSend: description: |- @@ -2126,7 +2131,7 @@ spec: Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string minShards: description: |- @@ -2141,10 +2146,14 @@ spec: type: integer retryOnRateLimit: description: |- - retryOnRateLimit enables retries on HTTP 429 responses. - When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to false, no retries are performed on rate limit responses. - type: boolean + retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to "Disabled", no retries are performed on rate limit responses. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string type: object remoteTimeout: description: |- @@ -2153,15 +2162,19 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 10 minutes. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string sendExemplars: description: |- - sendExemplars enables sending exemplars via remote write. - When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + sendExemplars defines whether exemplars are sent via remote write. + When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted, exemplars are not sent. - type: boolean + When omitted or set to "Disabled", exemplars are not sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index a4c3ab56850..86e98478414 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1905,10 +1905,14 @@ spec: properties: send: description: |- - send enables sending series metadata. - When set to true, Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to false, no metadata is sent. - type: boolean + send defines whether series metadata is sent to the remote write endpoint. + When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "Disabled", no metadata is sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sendInterval: description: |- sendInterval defines the interval at which metadata is sent. @@ -1916,7 +1920,7 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 24 hours. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string type: object name: @@ -2031,6 +2035,7 @@ spec: type: string maxItems: 20 type: array + x-kubernetes-list-type: atomic tokenUrl: description: |- tokenUrl is the URL to fetch the token from. @@ -2075,7 +2080,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string capacity: description: |- @@ -2095,7 +2100,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string maxSamplesPerSend: description: |- @@ -2126,7 +2131,7 @@ spec: Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string minShards: description: |- @@ -2141,10 +2146,14 @@ spec: type: integer retryOnRateLimit: description: |- - retryOnRateLimit enables retries on HTTP 429 responses. - When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to false, no retries are performed on rate limit responses. - type: boolean + retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to "Disabled", no retries are performed on rate limit responses. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string type: object remoteTimeout: description: |- @@ -2153,15 +2162,19 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 10 minutes. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string sendExemplars: description: |- - sendExemplars enables sending exemplars via remote write. - When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + sendExemplars defines whether exemplars are sent via remote write. + When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted, exemplars are not sent. - type: boolean + When omitted or set to "Disabled", exemplars are not sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 12a15229627..ecec6278e6a 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1905,10 +1905,14 @@ spec: properties: send: description: |- - send enables sending series metadata. - When set to true, Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to false, no metadata is sent. - type: boolean + send defines whether series metadata is sent to the remote write endpoint. + When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "Disabled", no metadata is sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sendInterval: description: |- sendInterval defines the interval at which metadata is sent. @@ -1916,7 +1920,7 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 24 hours. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string type: object name: @@ -2031,6 +2035,7 @@ spec: type: string maxItems: 20 type: array + x-kubernetes-list-type: atomic tokenUrl: description: |- tokenUrl is the URL to fetch the token from. @@ -2075,7 +2080,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string capacity: description: |- @@ -2095,7 +2100,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string maxSamplesPerSend: description: |- @@ -2126,7 +2131,7 @@ spec: Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string minShards: description: |- @@ -2141,10 +2146,14 @@ spec: type: integer retryOnRateLimit: description: |- - retryOnRateLimit enables retries on HTTP 429 responses. - When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to false, no retries are performed on rate limit responses. - type: boolean + retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to "Disabled", no retries are performed on rate limit responses. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string type: object remoteTimeout: description: |- @@ -2153,15 +2162,19 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 10 minutes. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string sendExemplars: description: |- - sendExemplars enables sending exemplars via remote write. - When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + sendExemplars defines whether exemplars are sent via remote write. + When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted, exemplars are not sent. - type: boolean + When omitted or set to "Disabled", exemplars are not sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index 4515e8ddfd9..9fe54016950 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -1026,9 +1026,9 @@ func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetadataConfig) DeepCopyInto(out *MetadataConfig) { *out = *in - if in.Send != nil { - in, out := &in.Send, &out.Send - *out = new(bool) + if in.SendInterval != nil { + in, out := &in.SendInterval, &out.SendInterval + *out = new(string) **out = **in } return @@ -1389,9 +1389,19 @@ func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *QueueConfig) DeepCopyInto(out *QueueConfig) { *out = *in - if in.RetryOnRateLimit != nil { - in, out := &in.RetryOnRateLimit, &out.RetryOnRateLimit - *out = new(bool) + if in.BatchSendDeadline != nil { + in, out := &in.BatchSendDeadline, &out.BatchSendDeadline + *out = new(string) + **out = **in + } + if in.MinBackoff != nil { + in, out := &in.MinBackoff, &out.MinBackoff + *out = new(string) + **out = **in + } + if in.MaxBackoff != nil { + in, out := &in.MaxBackoff, &out.MaxBackoff + *out = new(string) **out = **in } return @@ -1466,16 +1476,8 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Authorization != nil { - in, out := &in.Authorization, &out.Authorization - *out = new(SafeAuthorization) - **out = **in - } - if in.BasicAuth != nil { - in, out := &in.BasicAuth, &out.BasicAuth - *out = new(BasicAuth) - **out = **in - } + out.Authorization = in.Authorization + out.BasicAuth = in.BasicAuth if in.Headers != nil { in, out := &in.Headers, &out.Headers *out = make(map[string]string, len(*in)) @@ -1488,19 +1490,15 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { *out = new(MetadataConfig) (*in).DeepCopyInto(*out) } - if in.OAuth2 != nil { - in, out := &in.OAuth2, &out.OAuth2 - *out = new(OAuth2) - (*in).DeepCopyInto(*out) - } + in.OAuth2.DeepCopyInto(&out.OAuth2) if in.QueueConfig != nil { in, out := &in.QueueConfig, &out.QueueConfig *out = new(QueueConfig) (*in).DeepCopyInto(*out) } - if in.SendExemplars != nil { - in, out := &in.SendExemplars, &out.SendExemplars - *out = new(bool) + if in.RemoteTimeout != nil { + in, out := &in.RemoteTimeout, &out.RemoteTimeout + *out = new(string) **out = **in } if in.Sigv4 != nil { @@ -1508,11 +1506,7 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { *out = new(Sigv4) **out = **in } - if in.TLSConfig != nil { - in, out := &in.TLSConfig, &out.TLSConfig - *out = new(TLSConfig) - **out = **in - } + out.TLSConfig = in.TLSConfig return } diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 173d4670e6a..2c5e9192e88 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1905,10 +1905,14 @@ spec: properties: send: description: |- - send enables sending series metadata. - When set to true, Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to false, no metadata is sent. - type: boolean + send defines whether series metadata is sent to the remote write endpoint. + When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "Disabled", no metadata is sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sendInterval: description: |- sendInterval defines the interval at which metadata is sent. @@ -1916,7 +1920,7 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 24 hours. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string type: object name: @@ -2031,6 +2035,7 @@ spec: type: string maxItems: 20 type: array + x-kubernetes-list-type: atomic tokenUrl: description: |- tokenUrl is the URL to fetch the token from. @@ -2075,7 +2080,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string capacity: description: |- @@ -2095,7 +2100,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string maxSamplesPerSend: description: |- @@ -2126,7 +2131,7 @@ spec: Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string minShards: description: |- @@ -2141,10 +2146,14 @@ spec: type: integer retryOnRateLimit: description: |- - retryOnRateLimit enables retries on HTTP 429 responses. - When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to false, no retries are performed on rate limit responses. - type: boolean + retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to "Disabled", no retries are performed on rate limit responses. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string type: object remoteTimeout: description: |- @@ -2153,15 +2162,19 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 10 minutes. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string sendExemplars: description: |- - sendExemplars enables sending exemplars via remote write. - When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + sendExemplars defines whether exemplars are sent via remote write. + When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted, exemplars are not sent. - type: boolean + When omitted or set to "Disabled", exemplars are not sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 80b6f4c6738..4142fc91c60 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -297,7 +297,7 @@ func (LowercaseActionConfig) SwaggerDoc() map[string]string { var map_MetadataConfig = map[string]string{ "": "MetadataConfig defines settings for sending series metadata to remote write storage.", - "send": "send enables sending series metadata. When set to true, Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to false, no metadata is sent.", + "send": "send defines whether series metadata is sent to the remote write endpoint. When set to \"Enabled\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"Disabled\", no metadata is sent. Valid values are \"Enabled\" and \"Disabled\".", "sendInterval": "sendInterval defines the interval at which metadata is sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 24 hours.", } @@ -375,7 +375,7 @@ var map_QueueConfig = map[string]string{ "batchSendDeadline": "batchSendDeadline is the maximum time a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 second. Maximum value is 1 hour.", "minBackoff": "minBackoff is the minimum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30ms\", \"1s\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", "maxBackoff": "maxBackoff is the maximum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", - "retryOnRateLimit": "retryOnRateLimit enables retries on HTTP 429 responses. When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to false, no retries are performed on rate limit responses.", + "retryOnRateLimit": "retryOnRateLimit defines whether to retry requests on HTTP 429 responses. When set to \"Enabled\", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to \"Disabled\", no retries are performed on rate limit responses. Valid values are \"Enabled\" and \"Disabled\".", } func (QueueConfig) SwaggerDoc() map[string]string { @@ -425,7 +425,7 @@ var map_RemoteWriteSpec = map[string]string{ "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", "remoteTimeout": "remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 10 minutes.", - "sendExemplars": "sendExemplars enables sending exemplars via remote write. When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted, exemplars are not sent.", + "sendExemplars": "sendExemplars defines whether exemplars are sent via remote write. When set to \"Enabled\", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"Disabled\", exemplars are not sent. Valid values are \"Enabled\" and \"Disabled\".", "sigv4": "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 1ba80423107..2b04ad8e22a 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -24027,8 +24027,8 @@ func schema_openshift_api_config_v1alpha1_MetadataConfig(ref common.ReferenceCal Properties: map[string]spec.Schema{ "send": { SchemaProps: spec.SchemaProps{ - Description: "send enables sending series metadata. When set to true, Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to false, no metadata is sent.", - Type: []string{"boolean"}, + Description: "send defines whether series metadata is sent to the remote write endpoint. When set to \"Enabled\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"Disabled\", no metadata is sent. Valid values are \"Enabled\" and \"Disabled\".", + Type: []string{"string"}, Format: "", }, }, @@ -24183,6 +24183,11 @@ func schema_openshift_api_config_v1alpha1_OAuth2(ref common.ReferenceCallback) c }, }, "scopes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", Type: []string{"array"}, @@ -24848,8 +24853,8 @@ func schema_openshift_api_config_v1alpha1_QueueConfig(ref common.ReferenceCallba }, "retryOnRateLimit": { SchemaProps: spec.SchemaProps{ - Description: "retryOnRateLimit enables retries on HTTP 429 responses. When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to false, no retries are performed on rate limit responses.", - Type: []string{"boolean"}, + Description: "retryOnRateLimit defines whether to retry requests on HTTP 429 responses. When set to \"Enabled\", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to \"Disabled\", no retries are performed on rate limit responses. Valid values are \"Enabled\" and \"Disabled\".", + Type: []string{"string"}, Format: "", }, }, @@ -25058,12 +25063,14 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa "authorization": { SchemaProps: spec.SchemaProps{ Description: "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.SafeAuthorization"), }, }, "basicAuth": { SchemaProps: spec.SchemaProps{ Description: "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.BasicAuth"), }, }, @@ -25099,6 +25106,7 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa "oauth2": { SchemaProps: spec.SchemaProps{ Description: "oauth2 defines OAuth2 authentication settings for the remote write endpoint. When omitted, no OAuth2 authentication is performed.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2"), }, }, @@ -25124,8 +25132,8 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa }, "sendExemplars": { SchemaProps: spec.SchemaProps{ - Description: "sendExemplars enables sending exemplars via remote write. When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted, exemplars are not sent.", - Type: []string{"boolean"}, + Description: "sendExemplars defines whether exemplars are sent via remote write. When set to \"Enabled\", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"Disabled\", exemplars are not sent. Valid values are \"Enabled\" and \"Disabled\".", + Type: []string{"string"}, Format: "", }, }, @@ -25138,6 +25146,7 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa "tlsConfig": { SchemaProps: spec.SchemaProps{ Description: "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), }, }, diff --git a/openapi/openapi.json b/openapi/openapi.json index ff0b04e6f5a..e5854448a33 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -13040,8 +13040,8 @@ "type": "object", "properties": { "send": { - "description": "send enables sending series metadata. When set to true, Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to false, no metadata is sent.", - "type": "boolean" + "description": "send defines whether series metadata is sent to the remote write endpoint. When set to \"Enabled\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"Disabled\", no metadata is sent. Valid values are \"Enabled\" and \"Disabled\".", + "type": "string" }, "sendInterval": { "description": "sendInterval defines the interval at which metadata is sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 24 hours.", @@ -13139,7 +13139,8 @@ "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, "tokenUrl": { "description": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", @@ -13459,8 +13460,8 @@ "format": "int32" }, "retryOnRateLimit": { - "description": "retryOnRateLimit enables retries on HTTP 429 responses. When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to false, no retries are performed on rate limit responses.", - "type": "boolean" + "description": "retryOnRateLimit defines whether to retry requests on HTTP 429 responses. When set to \"Enabled\", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to \"Disabled\", no retries are performed on rate limit responses. Valid values are \"Enabled\" and \"Disabled\".", + "type": "string" } } }, @@ -13570,10 +13571,12 @@ "properties": { "authorization": { "description": "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SafeAuthorization" }, "basicAuth": { "description": "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BasicAuth" }, "bearerTokenFile": { @@ -13598,6 +13601,7 @@ }, "oauth2": { "description": "oauth2 defines OAuth2 authentication settings for the remote write endpoint. When omitted, no OAuth2 authentication is performed.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2" }, "proxyUrl": { @@ -13613,8 +13617,8 @@ "type": "string" }, "sendExemplars": { - "description": "sendExemplars enables sending exemplars via remote write. When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted, exemplars are not sent.", - "type": "boolean" + "description": "sendExemplars defines whether exemplars are sent via remote write. When set to \"Enabled\", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"Disabled\", exemplars are not sent. Valid values are \"Enabled\" and \"Disabled\".", + "type": "string" }, "sigv4": { "description": "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", @@ -13622,6 +13626,7 @@ }, "tlsConfig": { "description": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" }, "url": { diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 532d9eac45c..67bbf1ee32f 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1905,10 +1905,14 @@ spec: properties: send: description: |- - send enables sending series metadata. - When set to true, Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to false, no metadata is sent. - type: boolean + send defines whether series metadata is sent to the remote write endpoint. + When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "Disabled", no metadata is sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sendInterval: description: |- sendInterval defines the interval at which metadata is sent. @@ -1916,7 +1920,7 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 24 hours. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string type: object name: @@ -2031,6 +2035,7 @@ spec: type: string maxItems: 20 type: array + x-kubernetes-list-type: atomic tokenUrl: description: |- tokenUrl is the URL to fetch the token from. @@ -2075,7 +2080,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string capacity: description: |- @@ -2095,7 +2100,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string maxSamplesPerSend: description: |- @@ -2126,7 +2131,7 @@ spec: Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string minShards: description: |- @@ -2141,10 +2146,14 @@ spec: type: integer retryOnRateLimit: description: |- - retryOnRateLimit enables retries on HTTP 429 responses. - When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to false, no retries are performed on rate limit responses. - type: boolean + retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to "Disabled", no retries are performed on rate limit responses. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string type: object remoteTimeout: description: |- @@ -2153,15 +2162,19 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 10 minutes. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string sendExemplars: description: |- - sendExemplars enables sending exemplars via remote write. - When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + sendExemplars defines whether exemplars are sent via remote write. + When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted, exemplars are not sent. - type: boolean + When omitted or set to "Disabled", exemplars are not sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index a4c3ab56850..86e98478414 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1905,10 +1905,14 @@ spec: properties: send: description: |- - send enables sending series metadata. - When set to true, Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to false, no metadata is sent. - type: boolean + send defines whether series metadata is sent to the remote write endpoint. + When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "Disabled", no metadata is sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sendInterval: description: |- sendInterval defines the interval at which metadata is sent. @@ -1916,7 +1920,7 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 24 hours. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string type: object name: @@ -2031,6 +2035,7 @@ spec: type: string maxItems: 20 type: array + x-kubernetes-list-type: atomic tokenUrl: description: |- tokenUrl is the URL to fetch the token from. @@ -2075,7 +2080,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string capacity: description: |- @@ -2095,7 +2100,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string maxSamplesPerSend: description: |- @@ -2126,7 +2131,7 @@ spec: Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string minShards: description: |- @@ -2141,10 +2146,14 @@ spec: type: integer retryOnRateLimit: description: |- - retryOnRateLimit enables retries on HTTP 429 responses. - When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to false, no retries are performed on rate limit responses. - type: boolean + retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to "Disabled", no retries are performed on rate limit responses. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string type: object remoteTimeout: description: |- @@ -2153,15 +2162,19 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 10 minutes. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string sendExemplars: description: |- - sendExemplars enables sending exemplars via remote write. - When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + sendExemplars defines whether exemplars are sent via remote write. + When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted, exemplars are not sent. - type: boolean + When omitted or set to "Disabled", exemplars are not sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 12a15229627..ecec6278e6a 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1905,10 +1905,14 @@ spec: properties: send: description: |- - send enables sending series metadata. - When set to true, Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to false, no metadata is sent. - type: boolean + send defines whether series metadata is sent to the remote write endpoint. + When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "Disabled", no metadata is sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sendInterval: description: |- sendInterval defines the interval at which metadata is sent. @@ -1916,7 +1920,7 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 24 hours. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string type: object name: @@ -2031,6 +2035,7 @@ spec: type: string maxItems: 20 type: array + x-kubernetes-list-type: atomic tokenUrl: description: |- tokenUrl is the URL to fetch the token from. @@ -2075,7 +2080,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string capacity: description: |- @@ -2095,7 +2100,7 @@ spec: Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string maxSamplesPerSend: description: |- @@ -2126,7 +2131,7 @@ spec: Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. Maximum value is 1 hour. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string minShards: description: |- @@ -2141,10 +2146,14 @@ spec: type: integer retryOnRateLimit: description: |- - retryOnRateLimit enables retries on HTTP 429 responses. - When set to true, Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to false, no retries are performed on rate limit responses. - type: boolean + retryOnRateLimit defines whether to retry requests on HTTP 429 responses. + When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. + When omitted or set to "Disabled", no retries are performed on rate limit responses. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string type: object remoteTimeout: description: |- @@ -2153,15 +2162,19 @@ spec: Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. Maximum value is 10 minutes. - pattern: ^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + maxLength: 20 type: string sendExemplars: description: |- - sendExemplars enables sending exemplars via remote write. - When enabled, Prometheus is configured to store a maximum of 100,000 exemplars in memory. + sendExemplars defines whether exemplars are sent via remote write. + When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted, exemplars are not sent. - type: boolean + When omitted or set to "Disabled", exemplars are not sent. + Valid values are "Enabled" and "Disabled". + enum: + - Enabled + - Disabled + type: string sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. From 7fbb8e9601c246abf22cc2290fda73ab36c1a51c Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Wed, 4 Feb 2026 17:07:30 +0100 Subject: [PATCH 7/9] Add suggestions Signed-off-by: Mario Fernandez --- config/v1alpha1/Untitled | 1 + config/v1alpha1/types_cluster_monitoring.go | 156 ++++++++++-------- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 133 +++++++++------ ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 133 +++++++++------ ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 133 +++++++++------ config/v1alpha1/zz_generated.deepcopy.go | 34 +--- .../ClusterMonitoringConfig.yaml | 133 +++++++++------ .../zz_generated.swagger_doc_generated.go | 63 +++---- .../generated_openapi/zz_generated.openapi.go | 76 +++++---- openapi/openapi.json | 62 ++++--- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 133 +++++++++------ ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 133 +++++++++------ ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 133 +++++++++------ 13 files changed, 748 insertions(+), 575 deletions(-) create mode 100644 config/v1alpha1/Untitled diff --git a/config/v1alpha1/Untitled b/config/v1alpha1/Untitled new file mode 100644 index 00000000000..e0b97fc764f --- /dev/null +++ b/config/v1alpha1/Untitled @@ -0,0 +1 @@ + // Maximum of 10 node selector key-value pairs can be specified. \ No newline at end of file diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 0f527d9bf61..82a105f24eb 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -582,7 +582,8 @@ type PrometheusConfig struct { // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. // The current default value is `kubernetes.io/os: linux`. - // Maximum of 10 node selector key-value pairs can be specified. + // When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + // and must not contain more than 10 entries. // +optional // +kubebuilder:validation:MinProperties=1 // +kubebuilder:validation:MaxProperties=10 @@ -708,6 +709,7 @@ type AdditionalAlertmanagerConfig struct { // controllers (e.g., ACM, cluster admins) to independently manage their own entries. // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, // hyphens, or periods, and must start and end with an alphanumeric character. + // Minimum length is 1 character (empty string is invalid). // Maximum length is 253 characters. // +kubebuilder:validation:MaxLength=253 // +kubebuilder:validation:MinLength=1 @@ -735,6 +737,7 @@ type AdditionalAlertmanagerConfig struct { // instances. // Possible values are `HTTP` or `HTTPS`. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `HTTP`. // +optional Scheme AlertmanagerScheme `json:"scheme,omitempty"` // staticConfigs is a list of statically configured Alertmanager endpoints in the form @@ -742,9 +745,10 @@ type AdditionalAlertmanagerConfig struct { // (in brackets) followed by a colon and a valid port number (1-65535). // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - // Each entry must be unique. + // Each entry must be unique and non-empty (empty string is invalid). // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 // +kubebuilder:validation:items:MaxLength=255 // +kubebuilder:validation:items:XValidation:rule="isURL('http://' + self) && size(url('http://' + self).getHostname()) > 0 && size(url('http://' + self).getPort()) > 0 && int(url('http://' + self).getPort()) >= 1 && int(url('http://' + self).getPort()) <= 65535",message="must be a valid 'host:port' where host is a DNS name, IPv4, or IPv6 address (in brackets), and port is 1-65535" // +listType=set @@ -785,12 +789,12 @@ type Label struct { // RemoteWriteSpec represents configuration for remote write endpoints. type RemoteWriteSpec struct { // url is the URL of the remote write endpoint. - // Must be a valid URL with http or https scheme. - // Must be between 1 and 2048 characters in length. + // Must be a valid URL with http or https scheme and a non-empty hostname. + // Empty string is invalid. Must be between 1 and 2048 characters in length. // +required // +kubebuilder:validation:MaxLength=2048 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https') && size(url(self).getHostname()) > 0",message="must be a valid URL with http or https scheme and a non-empty hostname" URL string `json:"url,omitempty"` // name is an optional identifier for this remote write configuration. // This name is used in metrics and logging to differentiate remote write queues. @@ -837,8 +841,11 @@ type RemoteWriteSpec struct { // +optional // +kubebuilder:validation:MaxProperties=50 Headers map[string]string `json:"headers,omitempty"` - // metadataConfig defines settings for sending series metadata to remote write storage. + // metadataConfig configures the sending of series metadata to remote storage + // if the prometheus.WriteRequest message was chosen. When + // io.prometheus.write.v2.Request is used, metadata is always sent. // When omitted, no metadata is sent. + // Metadata configuration is subject to change at any point or be removed in future releases. // +optional MetadataConfig *MetadataConfig `json:"metadataConfig,omitempty,omitzero"` // oauth2 defines OAuth2 authentication settings for the remote write endpoint. @@ -859,22 +866,22 @@ type RemoteWriteSpec struct { // queueConfig allows tuning configuration for remote write queue parameters. // When omitted, default queue configuration is used. // +optional - QueueConfig *QueueConfig `json:"queueConfig,omitempty,omitzero"` - // remoteTimeout defines the timeout value for requests to the remote write endpoint. + QueueConfig QueueConfig `json:"queueConfig,omitempty,omitzero"` + // remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // Must be a valid duration string (e.g., "30s", "1m", "5m"). // Minimum value is 1 second. - // Maximum value is 10 minutes. + // Maximum value is 600 seconds (10 minutes). // +optional - // +kubebuilder:validation:MaxLength=20 - RemoteTimeout *string `json:"remoteTimeout,omitempty"` - // sendExemplars defines whether exemplars are sent via remote write. - // When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"` + // exemplarsMode controls whether exemplars are sent via remote write. + // When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - // When omitted or set to "Disabled", exemplars are not sent. - // Valid values are "Enabled" and "Disabled". + // When omitted or set to "DoNotSend", exemplars are not sent. + // Valid values are "Send" and "DoNotSend". // +optional - SendExemplars ExemplarSendMode `json:"sendExemplars,omitempty"` + ExemplarsMode ExemplarsMode `json:"exemplarsMode,omitempty"` // sigv4 defines AWS Signature Version 4 authentication settings. // When omitted, no AWS SigV4 authentication is performed. // +optional @@ -917,12 +924,12 @@ type BasicAuth struct { // MetadataConfig defines settings for sending series metadata to remote write storage. type MetadataConfig struct { - // send defines whether series metadata is sent to the remote write endpoint. - // When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - // When omitted or set to "Disabled", no metadata is sent. - // Valid values are "Enabled" and "Disabled". + // mode controls whether series metadata is sent to the remote write endpoint. + // When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + // When omitted or set to "DoNotSend", no metadata is sent. + // Valid values are "Send" and "DoNotSend". // +optional - Send MetadataSendMode `json:"send,omitempty"` + Mode MetadataMode `json:"mode,omitempty"` // sendInterval defines the interval at which metadata is sent. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // Must be a valid duration string (e.g., "30s", "1m", "5m"). @@ -971,6 +978,7 @@ type OAuth2 struct { } // QueueConfig allows tuning configuration for remote write queue parameters. +// +kubebuilder:validation:MinProperties=1 type QueueConfig struct { // capacity is the number of samples to buffer per shard before we start dropping them. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -1008,36 +1016,36 @@ type QueueConfig struct { // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=100000 MaxSamplesPerSend int32 `json:"maxSamplesPerSend,omitempty"` - // batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + // batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // Must be a valid duration string (e.g., "5s", "1m"). // Minimum value is 1 second. - // Maximum value is 1 hour. + // Maximum value is 3600 seconds (1 hour). // +optional - // +kubebuilder:validation:MaxLength=20 - BatchSendDeadline *string `json:"batchSendDeadline,omitempty"` - // minBackoff is the minimum retry delay. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600 + BatchSendDeadlineSeconds int32 `json:"batchSendDeadlineSeconds,omitempty"` + // minBackoffMilliseconds is the minimum retry delay in milliseconds. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // Must be a valid duration string (e.g., "30ms", "1s"). // Minimum value is 1 millisecond. - // Maximum value is 1 hour. + // Maximum value is 3600000 milliseconds (1 hour). // +optional - // +kubebuilder:validation:MaxLength=20 - MinBackoff *string `json:"minBackoff,omitempty"` - // maxBackoff is the maximum retry delay. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MinBackoffMilliseconds int32 `json:"minBackoffMilliseconds,omitempty"` + // maxBackoffMilliseconds is the maximum retry delay in milliseconds. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // Must be a valid duration string (e.g., "5s", "1m"). // Minimum value is 1 millisecond. - // Maximum value is 1 hour. - // +optional - // +kubebuilder:validation:MaxLength=20 - MaxBackoff *string `json:"maxBackoff,omitempty"` - // retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - // When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - // When omitted or set to "Disabled", no retries are performed on rate limit responses. - // Valid values are "Enabled" and "Disabled". + // Maximum value is 3600000 milliseconds (1 hour). // +optional - RetryOnRateLimit RetryOnRateLimitMode `json:"retryOnRateLimit,omitempty"` + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MaxBackoffMilliseconds int32 `json:"maxBackoffMilliseconds,omitempty"` + // rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + // When set to "Retry", Prometheus will retry such requests using the backoff settings above. + // When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + // Valid values are "Retry" and "DoNotRetry". + // +optional + RateLimitedAction RateLimitedAction `json:"rateLimitedAction,omitempty"` } // Sigv4 defines AWS Signature Version 4 authentication settings. @@ -1174,6 +1182,12 @@ type RelabelActionConfig struct { // +optional HashMod HashModActionConfig `json:"hashMod,omitempty,omitzero"` + // labelMap configures the LabelMap action. + // Required when type is LabelMap. + // +unionMember + // +optional + LabelMap *LabelMapActionConfig `json:"labelMap,omitempty,omitzero"` + // lowercase configures the Lowercase action. // Required when type is Lowercase. // Requires Prometheus >= v2.36.0. @@ -1201,12 +1215,6 @@ type RelabelActionConfig struct { // +unionMember // +optional DropEqual DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` - - // labelMap configures the LabelMap action. - // Required when type is LabelMap. - // +unionMember - // +optional - LabelMap *LabelMapActionConfig `json:"labelMap,omitempty,omitzero"` } // ReplaceActionConfig configures the Replace action. @@ -1237,6 +1245,14 @@ type HashModActionConfig struct { // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 TargetLabel string `json:"targetLabel,omitempty"` + + // modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + // Only applicable when the action is HashMod. + // When omitted, the platform chooses a reasonable default, which may change over time. + // Must be at least 1. + // +optional + // +kubebuilder:validation:Minimum=1 + Modulus int64 `json:"modulus,omitempty"` } // LowercaseActionConfig configures the Lowercase action. @@ -1484,37 +1500,37 @@ const ( VerbosityLevelTraceAll VerbosityLevel = "TraceAll" ) -// ExemplarSendMode defines whether exemplars are sent via remote write. -// +kubebuilder:validation:Enum=Enabled;Disabled -type ExemplarSendMode string +// ExemplarsMode defines whether exemplars are sent via remote write. +// +kubebuilder:validation:Enum=Send;DoNotSend +type ExemplarsMode string const ( - // ExemplarSendModeEnabled means exemplars are sent via remote write. - ExemplarSendModeEnabled ExemplarSendMode = "Enabled" - // ExemplarSendModeDisabled means exemplars are not sent via remote write. - ExemplarSendModeDisabled ExemplarSendMode = "Disabled" + // ExemplarsModeSend means exemplars are sent via remote write. + ExemplarsModeSend ExemplarsMode = "Send" + // ExemplarsModeDoNotSend means exemplars are not sent via remote write. + ExemplarsModeDoNotSend ExemplarsMode = "DoNotSend" ) -// MetadataSendMode defines whether series metadata is sent to remote write storage. -// +kubebuilder:validation:Enum=Enabled;Disabled -type MetadataSendMode string +// MetadataMode defines whether series metadata is sent to remote write storage. +// +kubebuilder:validation:Enum=Send;DoNotSend +type MetadataMode string const ( - // MetadataSendModeEnabled means metadata is sent to the remote write endpoint. - MetadataSendModeEnabled MetadataSendMode = "Enabled" - // MetadataSendModeDisabled means no metadata is sent to the remote write endpoint. - MetadataSendModeDisabled MetadataSendMode = "Disabled" + // MetadataModeSend means metadata is sent to the remote write endpoint. + MetadataModeSend MetadataMode = "Send" + // MetadataModeDoNotSend means no metadata is sent to the remote write endpoint. + MetadataModeDoNotSend MetadataMode = "DoNotSend" ) -// RetryOnRateLimitMode defines whether to retry requests on HTTP 429 responses. -// +kubebuilder:validation:Enum=Enabled;Disabled -type RetryOnRateLimitMode string +// RateLimitedAction defines what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). +// +kubebuilder:validation:Enum=Retry;DoNotRetry +type RateLimitedAction string const ( - // RetryOnRateLimitModeEnabled means requests will be retried on HTTP 429 responses. - RetryOnRateLimitModeEnabled RetryOnRateLimitMode = "Enabled" - // RetryOnRateLimitModeDisabled means no retries are performed on HTTP 429 responses. - RetryOnRateLimitModeDisabled RetryOnRateLimitMode = "Disabled" + // RateLimitedActionRetry means requests will be retried on HTTP 429 responses. + RateLimitedActionRetry RateLimitedAction = "Retry" + // RateLimitedActionDoNotRetry means no retries are performed on HTTP 429 responses. + RateLimitedActionDoNotRetry RateLimitedAction = "DoNotRetry" ) // Audit profile configurations diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 67bbf1ee32f..f97ac7b89d7 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1379,6 +1379,7 @@ spec: controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters. maxLength: 253 minLength: 1 @@ -1413,6 +1414,7 @@ spec: instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. enum: - HTTP - HTTPS @@ -1424,9 +1426,10 @@ spec: (in brackets) followed by a colon and a valid port number (1-65535). Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - Each entry must be unique. + Each entry must be unique and non-empty (empty string is invalid). items: maxLength: 255 + minLength: 1 type: string x-kubernetes-validations: - message: must be a valid 'host:port' where host is a @@ -1697,7 +1700,8 @@ spec: When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. - Maximum of 10 node selector key-value pairs can be specified. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. maxProperties: 10 minProperties: 1 type: object @@ -1887,6 +1891,17 @@ spec: maxLength: 1024 minLength: 1 type: string + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + Valid values are "Send" and "DoNotSend". + enum: + - Send + - DoNotSend + type: string headers: additionalProperties: type: string @@ -1900,18 +1915,21 @@ spec: type: object metadataConfig: description: |- - metadataConfig defines settings for sending series metadata to remote write storage. + metadataConfig configures the sending of series metadata to remote storage + if the prometheus.WriteRequest message was chosen. When + io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. + Metadata configuration is subject to change at any point or be removed in future releases. properties: - send: + mode: description: |- - send defines whether series metadata is sent to the remote write endpoint. - When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to "Disabled", no metadata is sent. - Valid values are "Enabled" and "Disabled". + mode controls whether series metadata is sent to the remote write endpoint. + When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "DoNotSend", no metadata is sent. + Valid values are "Send" and "DoNotSend". enum: - - Enabled - - Disabled + - Send + - DoNotSend type: string sendInterval: description: |- @@ -2072,16 +2090,18 @@ spec: description: |- queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used. + minProperties: 1 properties: - batchSendDeadline: + batchSendDeadlineSeconds: description: |- - batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer capacity: description: |- capacity is the number of samples to buffer per shard before we start dropping them. @@ -2093,15 +2113,16 @@ spec: maximum: 1000000 minimum: 1 type: integer - maxBackoff: + maxBackoffMilliseconds: description: |- - maxBackoff is the maximum retry delay. + maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer maxSamplesPerSend: description: |- maxSamplesPerSend is the maximum number of samples per send. @@ -2124,15 +2145,16 @@ spec: maximum: 10000 minimum: 1 type: integer - minBackoff: + minBackoffMilliseconds: description: |- - minBackoff is the minimum retry delay. + minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer minShards: description: |- minShards is the minimum number of shards, i.e. amount of concurrency. @@ -2144,37 +2166,27 @@ spec: maximum: 10000 minimum: 1 type: integer - retryOnRateLimit: + rateLimitedAction: description: |- - retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to "Disabled", no retries are performed on rate limit responses. - Valid values are "Enabled" and "Disabled". + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + Valid values are "Retry" and "DoNotRetry". enum: - - Enabled - - Disabled + - Retry + - DoNotRetry type: string type: object - remoteTimeout: + remoteTimeoutSeconds: description: |- - remoteTimeout defines the timeout value for requests to the remote write endpoint. + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 10 minutes. - maxLength: 20 - type: string - sendExemplars: - description: |- - sendExemplars defines whether exemplars are sent via remote write. - When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. - Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted or set to "Disabled", exemplars are not sent. - Valid values are "Enabled" and "Disabled". - enum: - - Enabled - - Disabled - type: string + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. @@ -2425,15 +2437,17 @@ spec: url: description: |- url is the URL of the remote write endpoint. - Must be a valid URL with http or https scheme. - Must be between 1 and 2048 characters in length. + Must be a valid URL with http or https scheme and a non-empty hostname. + Empty string is invalid. Must be between 1 and 2048 characters in length. maxLength: 2048 minLength: 1 type: string x-kubernetes-validations: - message: must be a valid URL with http or https scheme + and a non-empty hostname rule: isURL(self) && (url(self).getScheme() == 'http' - || url(self).getScheme() == 'https') + || url(self).getScheme() == 'https') && size(url(self).getHostname()) + > 0 writeRelabelConfigs: description: |- writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. @@ -2469,6 +2483,15 @@ spec: hashMod configures the HashMod action. Required when type is HashMod. properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + Only applicable when the action is HashMod. + When omitted, the platform chooses a reasonable default, which may change over time. + Must be at least 1. + format: int64 + minimum: 1 + type: integer targetLabel: description: |- targetLabel is the target label name where the result is written. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 86e98478414..8ee384d4dcd 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1379,6 +1379,7 @@ spec: controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters. maxLength: 253 minLength: 1 @@ -1413,6 +1414,7 @@ spec: instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. enum: - HTTP - HTTPS @@ -1424,9 +1426,10 @@ spec: (in brackets) followed by a colon and a valid port number (1-65535). Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - Each entry must be unique. + Each entry must be unique and non-empty (empty string is invalid). items: maxLength: 255 + minLength: 1 type: string x-kubernetes-validations: - message: must be a valid 'host:port' where host is a @@ -1697,7 +1700,8 @@ spec: When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. - Maximum of 10 node selector key-value pairs can be specified. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. maxProperties: 10 minProperties: 1 type: object @@ -1887,6 +1891,17 @@ spec: maxLength: 1024 minLength: 1 type: string + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + Valid values are "Send" and "DoNotSend". + enum: + - Send + - DoNotSend + type: string headers: additionalProperties: type: string @@ -1900,18 +1915,21 @@ spec: type: object metadataConfig: description: |- - metadataConfig defines settings for sending series metadata to remote write storage. + metadataConfig configures the sending of series metadata to remote storage + if the prometheus.WriteRequest message was chosen. When + io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. + Metadata configuration is subject to change at any point or be removed in future releases. properties: - send: + mode: description: |- - send defines whether series metadata is sent to the remote write endpoint. - When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to "Disabled", no metadata is sent. - Valid values are "Enabled" and "Disabled". + mode controls whether series metadata is sent to the remote write endpoint. + When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "DoNotSend", no metadata is sent. + Valid values are "Send" and "DoNotSend". enum: - - Enabled - - Disabled + - Send + - DoNotSend type: string sendInterval: description: |- @@ -2072,16 +2090,18 @@ spec: description: |- queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used. + minProperties: 1 properties: - batchSendDeadline: + batchSendDeadlineSeconds: description: |- - batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer capacity: description: |- capacity is the number of samples to buffer per shard before we start dropping them. @@ -2093,15 +2113,16 @@ spec: maximum: 1000000 minimum: 1 type: integer - maxBackoff: + maxBackoffMilliseconds: description: |- - maxBackoff is the maximum retry delay. + maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer maxSamplesPerSend: description: |- maxSamplesPerSend is the maximum number of samples per send. @@ -2124,15 +2145,16 @@ spec: maximum: 10000 minimum: 1 type: integer - minBackoff: + minBackoffMilliseconds: description: |- - minBackoff is the minimum retry delay. + minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer minShards: description: |- minShards is the minimum number of shards, i.e. amount of concurrency. @@ -2144,37 +2166,27 @@ spec: maximum: 10000 minimum: 1 type: integer - retryOnRateLimit: + rateLimitedAction: description: |- - retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to "Disabled", no retries are performed on rate limit responses. - Valid values are "Enabled" and "Disabled". + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + Valid values are "Retry" and "DoNotRetry". enum: - - Enabled - - Disabled + - Retry + - DoNotRetry type: string type: object - remoteTimeout: + remoteTimeoutSeconds: description: |- - remoteTimeout defines the timeout value for requests to the remote write endpoint. + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 10 minutes. - maxLength: 20 - type: string - sendExemplars: - description: |- - sendExemplars defines whether exemplars are sent via remote write. - When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. - Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted or set to "Disabled", exemplars are not sent. - Valid values are "Enabled" and "Disabled". - enum: - - Enabled - - Disabled - type: string + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. @@ -2425,15 +2437,17 @@ spec: url: description: |- url is the URL of the remote write endpoint. - Must be a valid URL with http or https scheme. - Must be between 1 and 2048 characters in length. + Must be a valid URL with http or https scheme and a non-empty hostname. + Empty string is invalid. Must be between 1 and 2048 characters in length. maxLength: 2048 minLength: 1 type: string x-kubernetes-validations: - message: must be a valid URL with http or https scheme + and a non-empty hostname rule: isURL(self) && (url(self).getScheme() == 'http' - || url(self).getScheme() == 'https') + || url(self).getScheme() == 'https') && size(url(self).getHostname()) + > 0 writeRelabelConfigs: description: |- writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. @@ -2469,6 +2483,15 @@ spec: hashMod configures the HashMod action. Required when type is HashMod. properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + Only applicable when the action is HashMod. + When omitted, the platform chooses a reasonable default, which may change over time. + Must be at least 1. + format: int64 + minimum: 1 + type: integer targetLabel: description: |- targetLabel is the target label name where the result is written. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index ecec6278e6a..d75f44107d6 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1379,6 +1379,7 @@ spec: controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters. maxLength: 253 minLength: 1 @@ -1413,6 +1414,7 @@ spec: instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. enum: - HTTP - HTTPS @@ -1424,9 +1426,10 @@ spec: (in brackets) followed by a colon and a valid port number (1-65535). Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - Each entry must be unique. + Each entry must be unique and non-empty (empty string is invalid). items: maxLength: 255 + minLength: 1 type: string x-kubernetes-validations: - message: must be a valid 'host:port' where host is a @@ -1697,7 +1700,8 @@ spec: When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. - Maximum of 10 node selector key-value pairs can be specified. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. maxProperties: 10 minProperties: 1 type: object @@ -1887,6 +1891,17 @@ spec: maxLength: 1024 minLength: 1 type: string + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + Valid values are "Send" and "DoNotSend". + enum: + - Send + - DoNotSend + type: string headers: additionalProperties: type: string @@ -1900,18 +1915,21 @@ spec: type: object metadataConfig: description: |- - metadataConfig defines settings for sending series metadata to remote write storage. + metadataConfig configures the sending of series metadata to remote storage + if the prometheus.WriteRequest message was chosen. When + io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. + Metadata configuration is subject to change at any point or be removed in future releases. properties: - send: + mode: description: |- - send defines whether series metadata is sent to the remote write endpoint. - When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to "Disabled", no metadata is sent. - Valid values are "Enabled" and "Disabled". + mode controls whether series metadata is sent to the remote write endpoint. + When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "DoNotSend", no metadata is sent. + Valid values are "Send" and "DoNotSend". enum: - - Enabled - - Disabled + - Send + - DoNotSend type: string sendInterval: description: |- @@ -2072,16 +2090,18 @@ spec: description: |- queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used. + minProperties: 1 properties: - batchSendDeadline: + batchSendDeadlineSeconds: description: |- - batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer capacity: description: |- capacity is the number of samples to buffer per shard before we start dropping them. @@ -2093,15 +2113,16 @@ spec: maximum: 1000000 minimum: 1 type: integer - maxBackoff: + maxBackoffMilliseconds: description: |- - maxBackoff is the maximum retry delay. + maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer maxSamplesPerSend: description: |- maxSamplesPerSend is the maximum number of samples per send. @@ -2124,15 +2145,16 @@ spec: maximum: 10000 minimum: 1 type: integer - minBackoff: + minBackoffMilliseconds: description: |- - minBackoff is the minimum retry delay. + minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer minShards: description: |- minShards is the minimum number of shards, i.e. amount of concurrency. @@ -2144,37 +2166,27 @@ spec: maximum: 10000 minimum: 1 type: integer - retryOnRateLimit: + rateLimitedAction: description: |- - retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to "Disabled", no retries are performed on rate limit responses. - Valid values are "Enabled" and "Disabled". + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + Valid values are "Retry" and "DoNotRetry". enum: - - Enabled - - Disabled + - Retry + - DoNotRetry type: string type: object - remoteTimeout: + remoteTimeoutSeconds: description: |- - remoteTimeout defines the timeout value for requests to the remote write endpoint. + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 10 minutes. - maxLength: 20 - type: string - sendExemplars: - description: |- - sendExemplars defines whether exemplars are sent via remote write. - When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. - Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted or set to "Disabled", exemplars are not sent. - Valid values are "Enabled" and "Disabled". - enum: - - Enabled - - Disabled - type: string + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. @@ -2425,15 +2437,17 @@ spec: url: description: |- url is the URL of the remote write endpoint. - Must be a valid URL with http or https scheme. - Must be between 1 and 2048 characters in length. + Must be a valid URL with http or https scheme and a non-empty hostname. + Empty string is invalid. Must be between 1 and 2048 characters in length. maxLength: 2048 minLength: 1 type: string x-kubernetes-validations: - message: must be a valid URL with http or https scheme + and a non-empty hostname rule: isURL(self) && (url(self).getScheme() == 'http' - || url(self).getScheme() == 'https') + || url(self).getScheme() == 'https') && size(url(self).getHostname()) + > 0 writeRelabelConfigs: description: |- writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. @@ -2469,6 +2483,15 @@ spec: hashMod configures the HashMod action. Required when type is HashMod. properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + Only applicable when the action is HashMod. + When omitted, the platform chooses a reasonable default, which may change over time. + Must be at least 1. + format: int64 + minimum: 1 + type: integer targetLabel: description: |- targetLabel is the target label name where the result is written. diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index 9fe54016950..584b4a1734e 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -1389,21 +1389,6 @@ func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *QueueConfig) DeepCopyInto(out *QueueConfig) { *out = *in - if in.BatchSendDeadline != nil { - in, out := &in.BatchSendDeadline, &out.BatchSendDeadline - *out = new(string) - **out = **in - } - if in.MinBackoff != nil { - in, out := &in.MinBackoff, &out.MinBackoff - *out = new(string) - **out = **in - } - if in.MaxBackoff != nil { - in, out := &in.MaxBackoff, &out.MaxBackoff - *out = new(string) - **out = **in - } return } @@ -1422,15 +1407,15 @@ func (in *RelabelActionConfig) DeepCopyInto(out *RelabelActionConfig) { *out = *in in.Replace.DeepCopyInto(&out.Replace) out.HashMod = in.HashMod - out.Lowercase = in.Lowercase - out.Uppercase = in.Uppercase - out.KeepEqual = in.KeepEqual - out.DropEqual = in.DropEqual if in.LabelMap != nil { in, out := &in.LabelMap, &out.LabelMap *out = new(LabelMapActionConfig) (*in).DeepCopyInto(*out) } + out.Lowercase = in.Lowercase + out.Uppercase = in.Uppercase + out.KeepEqual = in.KeepEqual + out.DropEqual = in.DropEqual return } @@ -1491,16 +1476,7 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { (*in).DeepCopyInto(*out) } in.OAuth2.DeepCopyInto(&out.OAuth2) - if in.QueueConfig != nil { - in, out := &in.QueueConfig, &out.QueueConfig - *out = new(QueueConfig) - (*in).DeepCopyInto(*out) - } - if in.RemoteTimeout != nil { - in, out := &in.RemoteTimeout, &out.RemoteTimeout - *out = new(string) - **out = **in - } + out.QueueConfig = in.QueueConfig if in.Sigv4 != nil { in, out := &in.Sigv4, &out.Sigv4 *out = new(Sigv4) diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 2c5e9192e88..8ac12a7f81b 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1379,6 +1379,7 @@ spec: controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters. maxLength: 253 minLength: 1 @@ -1413,6 +1414,7 @@ spec: instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. enum: - HTTP - HTTPS @@ -1424,9 +1426,10 @@ spec: (in brackets) followed by a colon and a valid port number (1-65535). Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - Each entry must be unique. + Each entry must be unique and non-empty (empty string is invalid). items: maxLength: 255 + minLength: 1 type: string x-kubernetes-validations: - message: must be a valid 'host:port' where host is a @@ -1697,7 +1700,8 @@ spec: When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. - Maximum of 10 node selector key-value pairs can be specified. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. maxProperties: 10 minProperties: 1 type: object @@ -1887,6 +1891,17 @@ spec: maxLength: 1024 minLength: 1 type: string + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + Valid values are "Send" and "DoNotSend". + enum: + - Send + - DoNotSend + type: string headers: additionalProperties: type: string @@ -1900,18 +1915,21 @@ spec: type: object metadataConfig: description: |- - metadataConfig defines settings for sending series metadata to remote write storage. + metadataConfig configures the sending of series metadata to remote storage + if the prometheus.WriteRequest message was chosen. When + io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. + Metadata configuration is subject to change at any point or be removed in future releases. properties: - send: + mode: description: |- - send defines whether series metadata is sent to the remote write endpoint. - When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to "Disabled", no metadata is sent. - Valid values are "Enabled" and "Disabled". + mode controls whether series metadata is sent to the remote write endpoint. + When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "DoNotSend", no metadata is sent. + Valid values are "Send" and "DoNotSend". enum: - - Enabled - - Disabled + - Send + - DoNotSend type: string sendInterval: description: |- @@ -2072,16 +2090,18 @@ spec: description: |- queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used. + minProperties: 1 properties: - batchSendDeadline: + batchSendDeadlineSeconds: description: |- - batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer capacity: description: |- capacity is the number of samples to buffer per shard before we start dropping them. @@ -2093,15 +2113,16 @@ spec: maximum: 1000000 minimum: 1 type: integer - maxBackoff: + maxBackoffMilliseconds: description: |- - maxBackoff is the maximum retry delay. + maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer maxSamplesPerSend: description: |- maxSamplesPerSend is the maximum number of samples per send. @@ -2124,15 +2145,16 @@ spec: maximum: 10000 minimum: 1 type: integer - minBackoff: + minBackoffMilliseconds: description: |- - minBackoff is the minimum retry delay. + minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer minShards: description: |- minShards is the minimum number of shards, i.e. amount of concurrency. @@ -2144,37 +2166,27 @@ spec: maximum: 10000 minimum: 1 type: integer - retryOnRateLimit: + rateLimitedAction: description: |- - retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to "Disabled", no retries are performed on rate limit responses. - Valid values are "Enabled" and "Disabled". + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + Valid values are "Retry" and "DoNotRetry". enum: - - Enabled - - Disabled + - Retry + - DoNotRetry type: string type: object - remoteTimeout: + remoteTimeoutSeconds: description: |- - remoteTimeout defines the timeout value for requests to the remote write endpoint. + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 10 minutes. - maxLength: 20 - type: string - sendExemplars: - description: |- - sendExemplars defines whether exemplars are sent via remote write. - When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. - Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted or set to "Disabled", exemplars are not sent. - Valid values are "Enabled" and "Disabled". - enum: - - Enabled - - Disabled - type: string + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. @@ -2425,15 +2437,17 @@ spec: url: description: |- url is the URL of the remote write endpoint. - Must be a valid URL with http or https scheme. - Must be between 1 and 2048 characters in length. + Must be a valid URL with http or https scheme and a non-empty hostname. + Empty string is invalid. Must be between 1 and 2048 characters in length. maxLength: 2048 minLength: 1 type: string x-kubernetes-validations: - message: must be a valid URL with http or https scheme + and a non-empty hostname rule: isURL(self) && (url(self).getScheme() == 'http' - || url(self).getScheme() == 'https') + || url(self).getScheme() == 'https') && size(url(self).getHostname()) + > 0 writeRelabelConfigs: description: |- writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. @@ -2469,6 +2483,15 @@ spec: hashMod configures the HashMod action. Required when type is HashMod. properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + Only applicable when the action is HashMod. + When omitted, the platform chooses a reasonable default, which may change over time. + Must be at least 1. + format: int64 + minimum: 1 + type: integer targetLabel: description: |- targetLabel is the target label name where the result is written. diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 4142fc91c60..4112d984fe7 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -120,11 +120,11 @@ func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { var map_AdditionalAlertmanagerConfig = map[string]string{ "": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", - "name": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + "name": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", - "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } @@ -252,6 +252,7 @@ func (DropEqualActionConfig) SwaggerDoc() map[string]string { var map_HashModActionConfig = map[string]string{ "": "HashModActionConfig configures the HashMod action.", "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "modulus": "modulus is the divisor applied to the hash of the source label values (target = hash % modulus). Only applicable when the action is HashMod. When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", } func (HashModActionConfig) SwaggerDoc() map[string]string { @@ -297,7 +298,7 @@ func (LowercaseActionConfig) SwaggerDoc() map[string]string { var map_MetadataConfig = map[string]string{ "": "MetadataConfig defines settings for sending series metadata to remote write storage.", - "send": "send defines whether series metadata is sent to the remote write endpoint. When set to \"Enabled\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"Disabled\", no metadata is sent. Valid values are \"Enabled\" and \"Disabled\".", + "mode": "mode controls whether series metadata is sent to the remote write endpoint. When set to \"Send\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"DoNotSend\", no metadata is sent. Valid values are \"Send\" and \"DoNotSend\".", "sendInterval": "sendInterval defines the interval at which metadata is sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 24 hours.", } @@ -338,7 +339,7 @@ var map_PrometheusConfig = map[string]string{ "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", - "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", "queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", "remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique URL.", "resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", @@ -367,15 +368,15 @@ func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { } var map_QueueConfig = map[string]string{ - "": "QueueConfig allows tuning configuration for remote write queue parameters.", - "capacity": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", - "maxShards": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", - "minShards": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", - "maxSamplesPerSend": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", - "batchSendDeadline": "batchSendDeadline is the maximum time a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 second. Maximum value is 1 hour.", - "minBackoff": "minBackoff is the minimum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30ms\", \"1s\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", - "maxBackoff": "maxBackoff is the maximum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", - "retryOnRateLimit": "retryOnRateLimit defines whether to retry requests on HTTP 429 responses. When set to \"Enabled\", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to \"Disabled\", no retries are performed on rate limit responses. Valid values are \"Enabled\" and \"Disabled\".", + "": "QueueConfig allows tuning configuration for remote write queue parameters.", + "capacity": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "maxShards": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "minShards": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "maxSamplesPerSend": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "batchSendDeadlineSeconds": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "minBackoffMilliseconds": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "maxBackoffMilliseconds": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "rateLimitedAction": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. When omitted or set to \"DoNotRetry\", no retries are performed on rate limit responses. Valid values are \"Retry\" and \"DoNotRetry\".", } func (QueueConfig) SwaggerDoc() map[string]string { @@ -387,11 +388,11 @@ var map_RelabelActionConfig = map[string]string{ "type": "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", "replace": "replace configures the Replace action. Required when type is Replace.", "hashMod": "hashMod configures the HashMod action. Required when type is HashMod.", + "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap.", "lowercase": "lowercase configures the Lowercase action. Required when type is Lowercase. Requires Prometheus >= v2.36.0.", "uppercase": "uppercase configures the Uppercase action. Required when type is Uppercase. Requires Prometheus >= v2.36.0.", "keepEqual": "keepEqual configures the KeepEqual action. Required when type is KeepEqual. Requires Prometheus >= v2.41.0.", "dropEqual": "dropEqual configures the DropEqual action. Required when type is DropEqual. Requires Prometheus >= v2.41.0.", - "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap.", } func (RelabelActionConfig) SwaggerDoc() map[string]string { @@ -412,22 +413,22 @@ func (RelabelConfig) SwaggerDoc() map[string]string { } var map_RemoteWriteSpec = map[string]string{ - "": "RemoteWriteSpec represents configuration for remote write endpoints.", - "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", - "name": "name is an optional identifier for this remote write configuration. This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", - "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", - "authorization": "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", - "basicAuth": "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", - "bearerTokenFile": "bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. When omitted, no bearer token file is used. Must be a valid file path.", - "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters.", - "metadataConfig": "metadataConfig defines settings for sending series metadata to remote write storage. When omitted, no metadata is sent.", - "oauth2": "oauth2 defines OAuth2 authentication settings for the remote write endpoint. When omitted, no OAuth2 authentication is performed.", - "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", - "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", - "remoteTimeout": "remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 10 minutes.", - "sendExemplars": "sendExemplars defines whether exemplars are sent via remote write. When set to \"Enabled\", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"Disabled\", exemplars are not sent. Valid values are \"Enabled\" and \"Disabled\".", - "sigv4": "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", - "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Empty string is invalid. Must be between 1 and 2048 characters in length.", + "name": "name is an optional identifier for this remote write configuration. This name is used in metrics and logging to differentiate remote write queues. When omitted, Prometheus generates a unique name automatically. If specified, this name must be unique. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + "authorization": "authorization defines the authorization settings for remote write storage. When omitted, no authorization is performed.", + "basicAuth": "basicAuth defines basic authentication settings for the remote write endpoint URL. When omitted, no basic authentication is performed.", + "bearerTokenFile": "bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. When omitted, no bearer token file is used. Must be a valid file path.", + "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters.", + "metadataConfig": "metadataConfig configures the sending of series metadata to remote storage if the prometheus.WriteRequest message was chosen. When io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases.", + "oauth2": "oauth2 defines OAuth2 authentication settings for the remote write endpoint. When omitted, no OAuth2 authentication is performed.", + "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "remoteTimeoutSeconds": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "exemplarsMode": "exemplarsMode controls whether exemplars are sent via remote write. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent. Valid values are \"Send\" and \"DoNotSend\".", + "sigv4": "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", + "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } func (RemoteWriteSpec) SwaggerDoc() map[string]string { diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 2b04ad8e22a..37a024e33f7 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -22353,7 +22353,7 @@ func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref commo Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + Description: "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", Type: []string{"string"}, Format: "", }, @@ -22374,7 +22374,7 @@ func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref commo }, "scheme": { SchemaProps: spec.SchemaProps{ - Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", Type: []string{"string"}, Format: "", }, @@ -22386,7 +22386,7 @@ func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref commo }, }, SchemaProps: spec.SchemaProps{ - Description: "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", + Description: "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -23477,6 +23477,13 @@ func schema_openshift_api_config_v1alpha1_HashModActionConfig(ref common.Referen Format: "", }, }, + "modulus": { + SchemaProps: spec.SchemaProps{ + Description: "modulus is the divisor applied to the hash of the source label values (target = hash % modulus). Only applicable when the action is HashMod. When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", + Type: []string{"integer"}, + Format: "int64", + }, + }, }, Required: []string{"targetLabel"}, }, @@ -24025,9 +24032,9 @@ func schema_openshift_api_config_v1alpha1_MetadataConfig(ref common.ReferenceCal Description: "MetadataConfig defines settings for sending series metadata to remote write storage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "send": { + "mode": { SchemaProps: spec.SchemaProps{ - Description: "send defines whether series metadata is sent to the remote write endpoint. When set to \"Enabled\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"Disabled\", no metadata is sent. Valid values are \"Enabled\" and \"Disabled\".", + Description: "mode controls whether series metadata is sent to the remote write endpoint. When set to \"Send\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"DoNotSend\", no metadata is sent. Valid values are \"Send\" and \"DoNotSend\".", Type: []string{"string"}, Format: "", }, @@ -24558,7 +24565,7 @@ func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceC }, "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -24830,30 +24837,30 @@ func schema_openshift_api_config_v1alpha1_QueueConfig(ref common.ReferenceCallba Format: "int32", }, }, - "batchSendDeadline": { + "batchSendDeadlineSeconds": { SchemaProps: spec.SchemaProps{ - Description: "batchSendDeadline is the maximum time a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 second. Maximum value is 1 hour.", - Type: []string{"string"}, - Format: "", + Description: "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", }, }, - "minBackoff": { + "minBackoffMilliseconds": { SchemaProps: spec.SchemaProps{ - Description: "minBackoff is the minimum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30ms\", \"1s\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", - Type: []string{"string"}, - Format: "", + Description: "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", }, }, - "maxBackoff": { + "maxBackoffMilliseconds": { SchemaProps: spec.SchemaProps{ - Description: "maxBackoff is the maximum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", - Type: []string{"string"}, - Format: "", + Description: "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", }, }, - "retryOnRateLimit": { + "rateLimitedAction": { SchemaProps: spec.SchemaProps{ - Description: "retryOnRateLimit defines whether to retry requests on HTTP 429 responses. When set to \"Enabled\", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to \"Disabled\", no retries are performed on rate limit responses. Valid values are \"Enabled\" and \"Disabled\".", + Description: "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. When omitted or set to \"DoNotRetry\", no retries are performed on rate limit responses. Valid values are \"Retry\" and \"DoNotRetry\".", Type: []string{"string"}, Format: "", }, @@ -24892,6 +24899,12 @@ func schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref common.Referen Ref: ref("github.com/openshift/api/config/v1alpha1.HashModActionConfig"), }, }, + "labelMap": { + SchemaProps: spec.SchemaProps{ + Description: "labelMap configures the LabelMap action. Required when type is LabelMap.", + Ref: ref("github.com/openshift/api/config/v1alpha1.LabelMapActionConfig"), + }, + }, "lowercase": { SchemaProps: spec.SchemaProps{ Description: "lowercase configures the Lowercase action. Required when type is Lowercase. Requires Prometheus >= v2.36.0.", @@ -24920,12 +24933,6 @@ func schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref common.Referen Ref: ref("github.com/openshift/api/config/v1alpha1.DropEqualActionConfig"), }, }, - "labelMap": { - SchemaProps: spec.SchemaProps{ - Description: "labelMap configures the LabelMap action. Required when type is LabelMap.", - Ref: ref("github.com/openshift/api/config/v1alpha1.LabelMapActionConfig"), - }, - }, }, Required: []string{"type"}, }, @@ -25026,7 +25033,7 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa Properties: map[string]spec.Schema{ "url": { SchemaProps: spec.SchemaProps{ - Description: "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Description: "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Empty string is invalid. Must be between 1 and 2048 characters in length.", Type: []string{"string"}, Format: "", }, @@ -25099,7 +25106,7 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa }, "metadataConfig": { SchemaProps: spec.SchemaProps{ - Description: "metadataConfig defines settings for sending series metadata to remote write storage. When omitted, no metadata is sent.", + Description: "metadataConfig configures the sending of series metadata to remote storage if the prometheus.WriteRequest message was chosen. When io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases.", Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfig"), }, }, @@ -25120,19 +25127,20 @@ func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCa "queueConfig": { SchemaProps: spec.SchemaProps{ Description: "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.QueueConfig"), }, }, - "remoteTimeout": { + "remoteTimeoutSeconds": { SchemaProps: spec.SchemaProps{ - Description: "remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 10 minutes.", - Type: []string{"string"}, - Format: "", + Description: "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", }, }, - "sendExemplars": { + "exemplarsMode": { SchemaProps: spec.SchemaProps{ - Description: "sendExemplars defines whether exemplars are sent via remote write. When set to \"Enabled\", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"Disabled\", exemplars are not sent. Valid values are \"Enabled\" and \"Disabled\".", + Description: "exemplarsMode controls whether exemplars are sent via remote write. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent. Valid values are \"Send\" and \"DoNotSend\".", Type: []string{"string"}, Format: "", }, diff --git a/openapi/openapi.json b/openapi/openapi.json index e5854448a33..328e5cf5b1c 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -12175,7 +12175,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AuthorizationConfig" }, "name": { - "description": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + "description": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", "type": "string" }, "pathPrefix": { @@ -12183,11 +12183,11 @@ "type": "string" }, "scheme": { - "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", "type": "string" }, "staticConfigs": { - "description": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique.", + "description": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", "type": "array", "items": { "type": "string", @@ -12708,6 +12708,11 @@ "targetLabel" ], "properties": { + "modulus": { + "description": "modulus is the divisor applied to the hash of the source label values (target = hash % modulus). Only applicable when the action is HashMod. When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", + "type": "integer", + "format": "int64" + }, "targetLabel": { "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", "type": "string" @@ -13039,8 +13044,8 @@ "description": "MetadataConfig defines settings for sending series metadata to remote write storage.", "type": "object", "properties": { - "send": { - "description": "send defines whether series metadata is sent to the remote write endpoint. When set to \"Enabled\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"Disabled\", no metadata is sent. Valid values are \"Enabled\" and \"Disabled\".", + "mode": { + "description": "mode controls whether series metadata is sent to the remote write endpoint. When set to \"Send\", Prometheus sends metadata about time series to the remote write endpoint. When omitted or set to \"DoNotSend\", no metadata is sent. Valid values are \"Send\" and \"DoNotSend\".", "type": "string" }, "sendInterval": { @@ -13355,7 +13360,7 @@ "type": "string" }, "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", "type": "object", "additionalProperties": { "type": "string", @@ -13427,18 +13432,20 @@ "description": "QueueConfig allows tuning configuration for remote write queue parameters.", "type": "object", "properties": { - "batchSendDeadline": { - "description": "batchSendDeadline is the maximum time a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 second. Maximum value is 1 hour.", - "type": "string" + "batchSendDeadlineSeconds": { + "description": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "type": "integer", + "format": "int32" }, "capacity": { "description": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", "type": "integer", "format": "int32" }, - "maxBackoff": { - "description": "maxBackoff is the maximum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"5s\", \"1m\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", - "type": "string" + "maxBackoffMilliseconds": { + "description": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "type": "integer", + "format": "int32" }, "maxSamplesPerSend": { "description": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", @@ -13450,17 +13457,18 @@ "type": "integer", "format": "int32" }, - "minBackoff": { - "description": "minBackoff is the minimum retry delay. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30ms\", \"1s\"). Minimum value is 1 millisecond. Maximum value is 1 hour.", - "type": "string" + "minBackoffMilliseconds": { + "description": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "type": "integer", + "format": "int32" }, "minShards": { "description": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", "type": "integer", "format": "int32" }, - "retryOnRateLimit": { - "description": "retryOnRateLimit defines whether to retry requests on HTTP 429 responses. When set to \"Enabled\", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. When omitted or set to \"Disabled\", no retries are performed on rate limit responses. Valid values are \"Enabled\" and \"Disabled\".", + "rateLimitedAction": { + "description": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. When omitted or set to \"DoNotRetry\", no retries are performed on rate limit responses. Valid values are \"Retry\" and \"DoNotRetry\".", "type": "string" } } @@ -13583,6 +13591,10 @@ "description": "bearerTokenFile defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account. When omitted, no bearer token file is used. Must be a valid file path.", "type": "string" }, + "exemplarsMode": { + "description": "exemplarsMode controls whether exemplars are sent via remote write. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent. Valid values are \"Send\" and \"DoNotSend\".", + "type": "string" + }, "headers": { "description": "headers specifies the custom HTTP headers to be sent along with each remote write request. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters.", "type": "object", @@ -13592,7 +13604,7 @@ } }, "metadataConfig": { - "description": "metadataConfig defines settings for sending series metadata to remote write storage. When omitted, no metadata is sent.", + "description": "metadataConfig configures the sending of series metadata to remote storage if the prometheus.WriteRequest message was chosen. When io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases.", "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfig" }, "name": { @@ -13610,15 +13622,13 @@ }, "queueConfig": { "description": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.QueueConfig" }, - "remoteTimeout": { - "description": "remoteTimeout defines the timeout value for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Must be a valid duration string (e.g., \"30s\", \"1m\", \"5m\"). Minimum value is 1 second. Maximum value is 10 minutes.", - "type": "string" - }, - "sendExemplars": { - "description": "sendExemplars defines whether exemplars are sent via remote write. When set to \"Enabled\", Prometheus is configured to store a maximum of 100,000 exemplars in memory. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"Disabled\", exemplars are not sent. Valid values are \"Enabled\" and \"Disabled\".", - "type": "string" + "remoteTimeoutSeconds": { + "description": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" }, "sigv4": { "description": "sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed.", @@ -13630,7 +13640,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" }, "url": { - "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Empty string is invalid. Must be between 1 and 2048 characters in length.", "type": "string" }, "writeRelabelConfigs": { diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 67bbf1ee32f..f97ac7b89d7 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1379,6 +1379,7 @@ spec: controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters. maxLength: 253 minLength: 1 @@ -1413,6 +1414,7 @@ spec: instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. enum: - HTTP - HTTPS @@ -1424,9 +1426,10 @@ spec: (in brackets) followed by a colon and a valid port number (1-65535). Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - Each entry must be unique. + Each entry must be unique and non-empty (empty string is invalid). items: maxLength: 255 + minLength: 1 type: string x-kubernetes-validations: - message: must be a valid 'host:port' where host is a @@ -1697,7 +1700,8 @@ spec: When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. - Maximum of 10 node selector key-value pairs can be specified. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. maxProperties: 10 minProperties: 1 type: object @@ -1887,6 +1891,17 @@ spec: maxLength: 1024 minLength: 1 type: string + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + Valid values are "Send" and "DoNotSend". + enum: + - Send + - DoNotSend + type: string headers: additionalProperties: type: string @@ -1900,18 +1915,21 @@ spec: type: object metadataConfig: description: |- - metadataConfig defines settings for sending series metadata to remote write storage. + metadataConfig configures the sending of series metadata to remote storage + if the prometheus.WriteRequest message was chosen. When + io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. + Metadata configuration is subject to change at any point or be removed in future releases. properties: - send: + mode: description: |- - send defines whether series metadata is sent to the remote write endpoint. - When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to "Disabled", no metadata is sent. - Valid values are "Enabled" and "Disabled". + mode controls whether series metadata is sent to the remote write endpoint. + When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "DoNotSend", no metadata is sent. + Valid values are "Send" and "DoNotSend". enum: - - Enabled - - Disabled + - Send + - DoNotSend type: string sendInterval: description: |- @@ -2072,16 +2090,18 @@ spec: description: |- queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used. + minProperties: 1 properties: - batchSendDeadline: + batchSendDeadlineSeconds: description: |- - batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer capacity: description: |- capacity is the number of samples to buffer per shard before we start dropping them. @@ -2093,15 +2113,16 @@ spec: maximum: 1000000 minimum: 1 type: integer - maxBackoff: + maxBackoffMilliseconds: description: |- - maxBackoff is the maximum retry delay. + maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer maxSamplesPerSend: description: |- maxSamplesPerSend is the maximum number of samples per send. @@ -2124,15 +2145,16 @@ spec: maximum: 10000 minimum: 1 type: integer - minBackoff: + minBackoffMilliseconds: description: |- - minBackoff is the minimum retry delay. + minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer minShards: description: |- minShards is the minimum number of shards, i.e. amount of concurrency. @@ -2144,37 +2166,27 @@ spec: maximum: 10000 minimum: 1 type: integer - retryOnRateLimit: + rateLimitedAction: description: |- - retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to "Disabled", no retries are performed on rate limit responses. - Valid values are "Enabled" and "Disabled". + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + Valid values are "Retry" and "DoNotRetry". enum: - - Enabled - - Disabled + - Retry + - DoNotRetry type: string type: object - remoteTimeout: + remoteTimeoutSeconds: description: |- - remoteTimeout defines the timeout value for requests to the remote write endpoint. + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 10 minutes. - maxLength: 20 - type: string - sendExemplars: - description: |- - sendExemplars defines whether exemplars are sent via remote write. - When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. - Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted or set to "Disabled", exemplars are not sent. - Valid values are "Enabled" and "Disabled". - enum: - - Enabled - - Disabled - type: string + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. @@ -2425,15 +2437,17 @@ spec: url: description: |- url is the URL of the remote write endpoint. - Must be a valid URL with http or https scheme. - Must be between 1 and 2048 characters in length. + Must be a valid URL with http or https scheme and a non-empty hostname. + Empty string is invalid. Must be between 1 and 2048 characters in length. maxLength: 2048 minLength: 1 type: string x-kubernetes-validations: - message: must be a valid URL with http or https scheme + and a non-empty hostname rule: isURL(self) && (url(self).getScheme() == 'http' - || url(self).getScheme() == 'https') + || url(self).getScheme() == 'https') && size(url(self).getHostname()) + > 0 writeRelabelConfigs: description: |- writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. @@ -2469,6 +2483,15 @@ spec: hashMod configures the HashMod action. Required when type is HashMod. properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + Only applicable when the action is HashMod. + When omitted, the platform chooses a reasonable default, which may change over time. + Must be at least 1. + format: int64 + minimum: 1 + type: integer targetLabel: description: |- targetLabel is the target label name where the result is written. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 86e98478414..8ee384d4dcd 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1379,6 +1379,7 @@ spec: controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters. maxLength: 253 minLength: 1 @@ -1413,6 +1414,7 @@ spec: instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. enum: - HTTP - HTTPS @@ -1424,9 +1426,10 @@ spec: (in brackets) followed by a colon and a valid port number (1-65535). Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - Each entry must be unique. + Each entry must be unique and non-empty (empty string is invalid). items: maxLength: 255 + minLength: 1 type: string x-kubernetes-validations: - message: must be a valid 'host:port' where host is a @@ -1697,7 +1700,8 @@ spec: When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. - Maximum of 10 node selector key-value pairs can be specified. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. maxProperties: 10 minProperties: 1 type: object @@ -1887,6 +1891,17 @@ spec: maxLength: 1024 minLength: 1 type: string + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + Valid values are "Send" and "DoNotSend". + enum: + - Send + - DoNotSend + type: string headers: additionalProperties: type: string @@ -1900,18 +1915,21 @@ spec: type: object metadataConfig: description: |- - metadataConfig defines settings for sending series metadata to remote write storage. + metadataConfig configures the sending of series metadata to remote storage + if the prometheus.WriteRequest message was chosen. When + io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. + Metadata configuration is subject to change at any point or be removed in future releases. properties: - send: + mode: description: |- - send defines whether series metadata is sent to the remote write endpoint. - When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to "Disabled", no metadata is sent. - Valid values are "Enabled" and "Disabled". + mode controls whether series metadata is sent to the remote write endpoint. + When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "DoNotSend", no metadata is sent. + Valid values are "Send" and "DoNotSend". enum: - - Enabled - - Disabled + - Send + - DoNotSend type: string sendInterval: description: |- @@ -2072,16 +2090,18 @@ spec: description: |- queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used. + minProperties: 1 properties: - batchSendDeadline: + batchSendDeadlineSeconds: description: |- - batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer capacity: description: |- capacity is the number of samples to buffer per shard before we start dropping them. @@ -2093,15 +2113,16 @@ spec: maximum: 1000000 minimum: 1 type: integer - maxBackoff: + maxBackoffMilliseconds: description: |- - maxBackoff is the maximum retry delay. + maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer maxSamplesPerSend: description: |- maxSamplesPerSend is the maximum number of samples per send. @@ -2124,15 +2145,16 @@ spec: maximum: 10000 minimum: 1 type: integer - minBackoff: + minBackoffMilliseconds: description: |- - minBackoff is the minimum retry delay. + minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer minShards: description: |- minShards is the minimum number of shards, i.e. amount of concurrency. @@ -2144,37 +2166,27 @@ spec: maximum: 10000 minimum: 1 type: integer - retryOnRateLimit: + rateLimitedAction: description: |- - retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to "Disabled", no retries are performed on rate limit responses. - Valid values are "Enabled" and "Disabled". + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + Valid values are "Retry" and "DoNotRetry". enum: - - Enabled - - Disabled + - Retry + - DoNotRetry type: string type: object - remoteTimeout: + remoteTimeoutSeconds: description: |- - remoteTimeout defines the timeout value for requests to the remote write endpoint. + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 10 minutes. - maxLength: 20 - type: string - sendExemplars: - description: |- - sendExemplars defines whether exemplars are sent via remote write. - When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. - Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted or set to "Disabled", exemplars are not sent. - Valid values are "Enabled" and "Disabled". - enum: - - Enabled - - Disabled - type: string + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. @@ -2425,15 +2437,17 @@ spec: url: description: |- url is the URL of the remote write endpoint. - Must be a valid URL with http or https scheme. - Must be between 1 and 2048 characters in length. + Must be a valid URL with http or https scheme and a non-empty hostname. + Empty string is invalid. Must be between 1 and 2048 characters in length. maxLength: 2048 minLength: 1 type: string x-kubernetes-validations: - message: must be a valid URL with http or https scheme + and a non-empty hostname rule: isURL(self) && (url(self).getScheme() == 'http' - || url(self).getScheme() == 'https') + || url(self).getScheme() == 'https') && size(url(self).getHostname()) + > 0 writeRelabelConfigs: description: |- writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. @@ -2469,6 +2483,15 @@ spec: hashMod configures the HashMod action. Required when type is HashMod. properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + Only applicable when the action is HashMod. + When omitted, the platform chooses a reasonable default, which may change over time. + Must be at least 1. + format: int64 + minimum: 1 + type: integer targetLabel: description: |- targetLabel is the target label name where the result is written. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index ecec6278e6a..d75f44107d6 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1379,6 +1379,7 @@ spec: controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters. maxLength: 253 minLength: 1 @@ -1413,6 +1414,7 @@ spec: instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. enum: - HTTP - HTTPS @@ -1424,9 +1426,10 @@ spec: (in brackets) followed by a colon and a valid port number (1-65535). Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). - Each entry must be unique. + Each entry must be unique and non-empty (empty string is invalid). items: maxLength: 255 + minLength: 1 type: string x-kubernetes-validations: - message: must be a valid 'host:port' where host is a @@ -1697,7 +1700,8 @@ spec: When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. - Maximum of 10 node selector key-value pairs can be specified. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. maxProperties: 10 minProperties: 1 type: object @@ -1887,6 +1891,17 @@ spec: maxLength: 1024 minLength: 1 type: string + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + Valid values are "Send" and "DoNotSend". + enum: + - Send + - DoNotSend + type: string headers: additionalProperties: type: string @@ -1900,18 +1915,21 @@ spec: type: object metadataConfig: description: |- - metadataConfig defines settings for sending series metadata to remote write storage. + metadataConfig configures the sending of series metadata to remote storage + if the prometheus.WriteRequest message was chosen. When + io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. + Metadata configuration is subject to change at any point or be removed in future releases. properties: - send: + mode: description: |- - send defines whether series metadata is sent to the remote write endpoint. - When set to "Enabled", Prometheus sends metadata about time series to the remote write endpoint. - When omitted or set to "Disabled", no metadata is sent. - Valid values are "Enabled" and "Disabled". + mode controls whether series metadata is sent to the remote write endpoint. + When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. + When omitted or set to "DoNotSend", no metadata is sent. + Valid values are "Send" and "DoNotSend". enum: - - Enabled - - Disabled + - Send + - DoNotSend type: string sendInterval: description: |- @@ -2072,16 +2090,18 @@ spec: description: |- queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used. + minProperties: 1 properties: - batchSendDeadline: + batchSendDeadlineSeconds: description: |- - batchSendDeadline is the maximum time a sample will wait in buffer before being sent. + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 second. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer capacity: description: |- capacity is the number of samples to buffer per shard before we start dropping them. @@ -2093,15 +2113,16 @@ spec: maximum: 1000000 minimum: 1 type: integer - maxBackoff: + maxBackoffMilliseconds: description: |- - maxBackoff is the maximum retry delay. + maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "5s", "1m"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer maxSamplesPerSend: description: |- maxSamplesPerSend is the maximum number of samples per send. @@ -2124,15 +2145,16 @@ spec: maximum: 10000 minimum: 1 type: integer - minBackoff: + minBackoffMilliseconds: description: |- - minBackoff is the minimum retry delay. + minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30ms", "1s"). Minimum value is 1 millisecond. - Maximum value is 1 hour. - maxLength: 20 - type: string + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer minShards: description: |- minShards is the minimum number of shards, i.e. amount of concurrency. @@ -2144,37 +2166,27 @@ spec: maximum: 10000 minimum: 1 type: integer - retryOnRateLimit: + rateLimitedAction: description: |- - retryOnRateLimit defines whether to retry requests on HTTP 429 responses. - When set to "Enabled", Prometheus will retry requests that receive HTTP 429 (Too Many Requests) responses. - When omitted or set to "Disabled", no retries are performed on rate limit responses. - Valid values are "Enabled" and "Disabled". + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + When omitted or set to "DoNotRetry", no retries are performed on rate limit responses. + Valid values are "Retry" and "DoNotRetry". enum: - - Enabled - - Disabled + - Retry + - DoNotRetry type: string type: object - remoteTimeout: + remoteTimeoutSeconds: description: |- - remoteTimeout defines the timeout value for requests to the remote write endpoint. + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - Must be a valid duration string (e.g., "30s", "1m", "5m"). Minimum value is 1 second. - Maximum value is 10 minutes. - maxLength: 20 - type: string - sendExemplars: - description: |- - sendExemplars defines whether exemplars are sent via remote write. - When set to "Enabled", Prometheus is configured to store a maximum of 100,000 exemplars in memory. - Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. - When omitted or set to "Disabled", exemplars are not sent. - Valid values are "Enabled" and "Disabled". - enum: - - Enabled - - Disabled - type: string + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer sigv4: description: |- sigv4 defines AWS Signature Version 4 authentication settings. @@ -2425,15 +2437,17 @@ spec: url: description: |- url is the URL of the remote write endpoint. - Must be a valid URL with http or https scheme. - Must be between 1 and 2048 characters in length. + Must be a valid URL with http or https scheme and a non-empty hostname. + Empty string is invalid. Must be between 1 and 2048 characters in length. maxLength: 2048 minLength: 1 type: string x-kubernetes-validations: - message: must be a valid URL with http or https scheme + and a non-empty hostname rule: isURL(self) && (url(self).getScheme() == 'http' - || url(self).getScheme() == 'https') + || url(self).getScheme() == 'https') && size(url(self).getHostname()) + > 0 writeRelabelConfigs: description: |- writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. @@ -2469,6 +2483,15 @@ spec: hashMod configures the HashMod action. Required when type is HashMod. properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the source label values (target = hash % modulus). + Only applicable when the action is HashMod. + When omitted, the platform chooses a reasonable default, which may change over time. + Must be at least 1. + format: int64 + minimum: 1 + type: integer targetLabel: description: |- targetLabel is the target label name where the result is written. From 16095296ec9cb444fcb04fb61477301705e78a8b Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Thu, 5 Feb 2026 11:52:26 +0100 Subject: [PATCH 8/9] Improve action definitions Signed-off-by: Mario Fernandez --- config/v1alpha1/types_cluster_monitoring.go | 80 ++++++++++--------- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 43 +++++----- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 43 +++++----- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 43 +++++----- .../ClusterMonitoringConfig.yaml | 43 +++++----- .../zz_generated.swagger_doc_generated.go | 34 ++++---- .../generated_openapi/zz_generated.openapi.go | 34 ++++---- openapi/openapi.json | 34 ++++---- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 43 +++++----- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 43 +++++----- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 43 +++++----- 11 files changed, 233 insertions(+), 250 deletions(-) diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 82a105f24eb..fcc6f2e4a56 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -1155,17 +1155,17 @@ type RelabelConfig struct { type RelabelActionConfig struct { // type specifies the action to perform on the matched labels. // Valid actions are: - // - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - // - Keep: Keeps only metrics where regex matches the source labels. - // - Drop: Drops metrics where regex matches the source labels. - // - HashMod: Sets targetLabel to the hash modulus of the source labels. - // - LabelMap: Copies labels matching regex to new label names derived from replacement. - // - LabelDrop: Drops labels matching regex. - // - LabelKeep: Keeps only labels matching regex. - // - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - // - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - // - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - // - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + // - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + // - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + // - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + // - Keep: Drop targets for which regex does not match the concatenated source_labels. + // - Drop: Drop targets for which regex matches the concatenated source_labels. + // - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + // - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + // - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + // - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + // - LabelDrop: Match regex against all label names; any label that matches is removed. + // - LabelKeep: Match regex against all label names; any label that does not match is removed. // +required // +unionDiscriminator Type RelabelAction `json:"type,omitempty"` @@ -1218,16 +1218,16 @@ type RelabelActionConfig struct { } // ReplaceActionConfig configures the Replace action. +// Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match. type ReplaceActionConfig struct { - // targetLabel is the target label name where the result is written. + // targetLabel is the label name where the replacement result is written. // Must be between 1 and 128 characters in length. // +required // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 TargetLabel string `json:"targetLabel,omitempty"` - // replacement value against which a Replace action is performed if the - // regular expression matches. Regex capture groups are available (e.g., $1, $2). + // replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // The default value is "$1" (the first capture group). // Setting to an empty string ("") explicitly clears the target label value. @@ -1238,16 +1238,16 @@ type ReplaceActionConfig struct { } // HashModActionConfig configures the HashMod action. +// target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus). type HashModActionConfig struct { - // targetLabel is the target label name where the result is written. + // targetLabel is the label name where the hash modulus result is written. // Must be between 1 and 128 characters in length. // +required // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 TargetLabel string `json:"targetLabel,omitempty"` - // modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - // Only applicable when the action is HashMod. + // modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). // When omitted, the platform chooses a reasonable default, which may change over time. // Must be at least 1. // +optional @@ -1256,9 +1256,10 @@ type HashModActionConfig struct { } // LowercaseActionConfig configures the Lowercase action. +// Maps the concatenated source_labels to their lower case and writes to target_label. // Requires Prometheus >= v2.36.0. type LowercaseActionConfig struct { - // targetLabel is the target label name where the result is written. + // targetLabel is the label name where the lower-cased value is written. // Must be between 1 and 128 characters in length. // +required // +kubebuilder:validation:MinLength=1 @@ -1267,9 +1268,10 @@ type LowercaseActionConfig struct { } // UppercaseActionConfig configures the Uppercase action. +// Maps the concatenated source_labels to their upper case and writes to target_label. // Requires Prometheus >= v2.36.0. type UppercaseActionConfig struct { - // targetLabel is the target label name where the result is written. + // targetLabel is the label name where the upper-cased value is written. // Must be between 1 and 128 characters in length. // +required // +kubebuilder:validation:MinLength=1 @@ -1278,9 +1280,10 @@ type UppercaseActionConfig struct { } // KeepEqualActionConfig configures the KeepEqual action. +// Drops targets for which the concatenated source_labels do not match the value of target_label. // Requires Prometheus >= v2.41.0. type KeepEqualActionConfig struct { - // targetLabel is the target label name where the result is written. + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. // Must be between 1 and 128 characters in length. // +required // +kubebuilder:validation:MinLength=1 @@ -1289,9 +1292,10 @@ type KeepEqualActionConfig struct { } // DropEqualActionConfig configures the DropEqual action. +// Drops targets for which the concatenated source_labels do match the value of target_label. // Requires Prometheus >= v2.41.0. type DropEqualActionConfig struct { - // targetLabel is the target label name where the result is written. + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. // Must be between 1 and 128 characters in length. // +required // +kubebuilder:validation:MinLength=1 @@ -1300,9 +1304,9 @@ type DropEqualActionConfig struct { } // LabelMapActionConfig configures the LabelMap action. +// Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted. type LabelMapActionConfig struct { - // replacement value used to derive new label names from labels matching the regex. - // Regex capture groups are available (e.g., $1, $2). + // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // The default value is "$1" (the first capture group). // Must be at most 255 characters in length. @@ -1434,28 +1438,28 @@ type Retention struct { type RelabelAction string const ( - // RelabelActionReplace replaces the target label with the replacement value. + // RelabelActionReplace: match regex against concatenated source_labels; set target_label to replacement with ${1}, ${2}, ... substituted. No replacement if regex does not match. RelabelActionReplace RelabelAction = "Replace" - // RelabelActionKeep keeps metrics that match the regex. + // RelabelActionLowercase: map the concatenated source_labels to their lower case. + RelabelActionLowercase RelabelAction = "Lowercase" + // RelabelActionUppercase: map the concatenated source_labels to their upper case. + RelabelActionUppercase RelabelAction = "Uppercase" + // RelabelActionKeep: drop targets for which regex does not match the concatenated source_labels. RelabelActionKeep RelabelAction = "Keep" - // RelabelActionDrop drops metrics that match the regex. + // RelabelActionDrop: drop targets for which regex matches the concatenated source_labels. RelabelActionDrop RelabelAction = "Drop" - // RelabelActionHashMod sets the target label to the modulus of a hash of the source labels. + // RelabelActionKeepEqual: drop targets for which the concatenated source_labels do not match target_label. + RelabelActionKeepEqual RelabelAction = "KeepEqual" + // RelabelActionDropEqual: drop targets for which the concatenated source_labels do match target_label. + RelabelActionDropEqual RelabelAction = "DropEqual" + // RelabelActionHashMod: set target_label to the modulus of a hash of the concatenated source_labels. RelabelActionHashMod RelabelAction = "HashMod" - // RelabelActionLabelMap maps label names based on regex matching. + // RelabelActionLabelMap: match regex against all source label names; copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. RelabelActionLabelMap RelabelAction = "LabelMap" - // RelabelActionLabelDrop removes labels that match the regex. + // RelabelActionLabelDrop: match regex against all label names; any label that matches is removed. RelabelActionLabelDrop RelabelAction = "LabelDrop" - // RelabelActionLabelKeep removes labels that do not match the regex. + // RelabelActionLabelKeep: match regex against all label names; any label that does not match is removed. RelabelActionLabelKeep RelabelAction = "LabelKeep" - // RelabelActionLowercase converts the target label value to lowercase. - RelabelActionLowercase RelabelAction = "Lowercase" - // RelabelActionUppercase converts the target label value to uppercase. - RelabelActionUppercase RelabelAction = "Uppercase" - // RelabelActionKeepEqual keeps metrics where the source label value equals the target label value. - RelabelActionKeepEqual RelabelAction = "KeepEqual" - // RelabelActionDropEqual drops metrics where the source label value equals the target label value. - RelabelActionDropEqual RelabelAction = "DropEqual" ) // CollectionProfile defines the metrics collection profile for Prometheus. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index f97ac7b89d7..d3058c46bdb 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -2470,7 +2470,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2485,8 +2485,7 @@ spec: properties: modulus: description: |- - modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - Only applicable when the action is HashMod. + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1. format: int64 @@ -2494,7 +2493,7 @@ spec: type: integer targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2510,7 +2509,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2525,8 +2524,7 @@ spec: properties: replacement: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Must be at most 255 characters in length. @@ -2541,7 +2539,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2556,8 +2554,7 @@ spec: properties: replacement: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Setting to an empty string ("") explicitly clears the target label value. @@ -2566,7 +2563,7 @@ spec: type: string targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2578,17 +2575,17 @@ spec: description: |- type specifies the action to perform on the matched labels. Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + - Keep: Drop targets for which regex does not match the concatenated source_labels. + - Drop: Drop targets for which regex matches the concatenated source_labels. + - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + - LabelDrop: Match regex against all label names; any label that matches is removed. + - LabelKeep: Match regex against all label names; any label that does not match is removed. enum: - Replace - Keep @@ -2610,7 +2607,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 8ee384d4dcd..e00e0ceb2c4 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -2470,7 +2470,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2485,8 +2485,7 @@ spec: properties: modulus: description: |- - modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - Only applicable when the action is HashMod. + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1. format: int64 @@ -2494,7 +2493,7 @@ spec: type: integer targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2510,7 +2509,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2525,8 +2524,7 @@ spec: properties: replacement: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Must be at most 255 characters in length. @@ -2541,7 +2539,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2556,8 +2554,7 @@ spec: properties: replacement: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Setting to an empty string ("") explicitly clears the target label value. @@ -2566,7 +2563,7 @@ spec: type: string targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2578,17 +2575,17 @@ spec: description: |- type specifies the action to perform on the matched labels. Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + - Keep: Drop targets for which regex does not match the concatenated source_labels. + - Drop: Drop targets for which regex matches the concatenated source_labels. + - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + - LabelDrop: Match regex against all label names; any label that matches is removed. + - LabelKeep: Match regex against all label names; any label that does not match is removed. enum: - Replace - Keep @@ -2610,7 +2607,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index d75f44107d6..68ab75b2072 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -2470,7 +2470,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2485,8 +2485,7 @@ spec: properties: modulus: description: |- - modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - Only applicable when the action is HashMod. + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1. format: int64 @@ -2494,7 +2493,7 @@ spec: type: integer targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2510,7 +2509,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2525,8 +2524,7 @@ spec: properties: replacement: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Must be at most 255 characters in length. @@ -2541,7 +2539,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2556,8 +2554,7 @@ spec: properties: replacement: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Setting to an empty string ("") explicitly clears the target label value. @@ -2566,7 +2563,7 @@ spec: type: string targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2578,17 +2575,17 @@ spec: description: |- type specifies the action to perform on the matched labels. Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + - Keep: Drop targets for which regex does not match the concatenated source_labels. + - Drop: Drop targets for which regex matches the concatenated source_labels. + - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + - LabelDrop: Match regex against all label names; any label that matches is removed. + - LabelKeep: Match regex against all label names; any label that does not match is removed. enum: - Replace - Keep @@ -2610,7 +2607,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 8ac12a7f81b..52a96865347 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -2470,7 +2470,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2485,8 +2485,7 @@ spec: properties: modulus: description: |- - modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - Only applicable when the action is HashMod. + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1. format: int64 @@ -2494,7 +2493,7 @@ spec: type: integer targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2510,7 +2509,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2525,8 +2524,7 @@ spec: properties: replacement: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Must be at most 255 characters in length. @@ -2541,7 +2539,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2556,8 +2554,7 @@ spec: properties: replacement: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Setting to an empty string ("") explicitly clears the target label value. @@ -2566,7 +2563,7 @@ spec: type: string targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2578,17 +2575,17 @@ spec: description: |- type specifies the action to perform on the matched labels. Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + - Keep: Drop targets for which regex does not match the concatenated source_labels. + - Drop: Drop targets for which regex matches the concatenated source_labels. + - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + - LabelDrop: Match regex against all label names; any label that matches is removed. + - LabelKeep: Match regex against all label names; any label that does not match is removed. enum: - Replace - Keep @@ -2610,7 +2607,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 4112d984fe7..727b5eec454 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -241,8 +241,8 @@ func (ContainerResource) SwaggerDoc() map[string]string { } var map_DropEqualActionConfig = map[string]string{ - "": "DropEqualActionConfig configures the DropEqual action. Requires Prometheus >= v2.41.0.", - "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", } func (DropEqualActionConfig) SwaggerDoc() map[string]string { @@ -250,9 +250,9 @@ func (DropEqualActionConfig) SwaggerDoc() map[string]string { } var map_HashModActionConfig = map[string]string{ - "": "HashModActionConfig configures the HashMod action.", - "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", - "modulus": "modulus is the divisor applied to the hash of the source label values (target = hash % modulus). Only applicable when the action is HashMod. When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", + "": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + "targetLabel": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "modulus": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", } func (HashModActionConfig) SwaggerDoc() map[string]string { @@ -260,8 +260,8 @@ func (HashModActionConfig) SwaggerDoc() map[string]string { } var map_KeepEqualActionConfig = map[string]string{ - "": "KeepEqualActionConfig configures the KeepEqual action. Requires Prometheus >= v2.41.0.", - "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", } func (KeepEqualActionConfig) SwaggerDoc() map[string]string { @@ -279,8 +279,8 @@ func (Label) SwaggerDoc() map[string]string { } var map_LabelMapActionConfig = map[string]string{ - "": "LabelMapActionConfig configures the LabelMap action.", - "replacement": "replacement value used to derive new label names from labels matching the regex. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", + "": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + "replacement": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", } func (LabelMapActionConfig) SwaggerDoc() map[string]string { @@ -288,8 +288,8 @@ func (LabelMapActionConfig) SwaggerDoc() map[string]string { } var map_LowercaseActionConfig = map[string]string{ - "": "LowercaseActionConfig configures the Lowercase action. Requires Prometheus >= v2.36.0.", - "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", } func (LowercaseActionConfig) SwaggerDoc() map[string]string { @@ -385,7 +385,7 @@ func (QueueConfig) SwaggerDoc() map[string]string { var map_RelabelActionConfig = map[string]string{ "": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", - "type": "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", + "type": "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0.\n - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0.\n - Keep: Drop targets for which regex does not match the concatenated source_labels.\n - Drop: Drop targets for which regex matches the concatenated source_labels.\n - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0.\n - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0.\n - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels.\n - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted.\n - LabelDrop: Match regex against all label names; any label that matches is removed.\n - LabelKeep: Match regex against all label names; any label that does not match is removed.", "replace": "replace configures the Replace action. Required when type is Replace.", "hashMod": "hashMod configures the HashMod action. Required when type is HashMod.", "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap.", @@ -436,9 +436,9 @@ func (RemoteWriteSpec) SwaggerDoc() map[string]string { } var map_ReplaceActionConfig = map[string]string{ - "": "ReplaceActionConfig configures the Replace action.", - "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", - "replacement": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + "": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "targetLabel": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + "replacement": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", } func (ReplaceActionConfig) SwaggerDoc() map[string]string { @@ -502,8 +502,8 @@ func (TLSConfig) SwaggerDoc() map[string]string { } var map_UppercaseActionConfig = map[string]string{ - "": "UppercaseActionConfig configures the Uppercase action. Requires Prometheus >= v2.36.0.", - "targetLabel": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", } func (UppercaseActionConfig) SwaggerDoc() map[string]string { diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 37a024e33f7..e01a24122a7 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -23357,12 +23357,12 @@ func schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref common.Refer return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DropEqualActionConfig configures the DropEqual action. Requires Prometheus >= v2.41.0.", + Description: "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, @@ -23467,19 +23467,19 @@ func schema_openshift_api_config_v1alpha1_HashModActionConfig(ref common.Referen return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "HashModActionConfig configures the HashMod action.", + Description: "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Description: "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, }, "modulus": { SchemaProps: spec.SchemaProps{ - Description: "modulus is the divisor applied to the hash of the source label values (target = hash % modulus). Only applicable when the action is HashMod. When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", + Description: "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", Type: []string{"integer"}, Format: "int64", }, @@ -23939,12 +23939,12 @@ func schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref common.Refer return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "KeepEqualActionConfig configures the KeepEqual action. Requires Prometheus >= v2.41.0.", + Description: "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, @@ -23988,12 +23988,12 @@ func schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref common.Refere return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LabelMapActionConfig configures the LabelMap action.", + Description: "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "replacement": { SchemaProps: spec.SchemaProps{ - Description: "replacement value used to derive new label names from labels matching the regex. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", + Description: "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", Type: []string{"string"}, Format: "", }, @@ -24008,12 +24008,12 @@ func schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref common.Refer return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LowercaseActionConfig configures the Lowercase action. Requires Prometheus >= v2.36.0.", + Description: "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Description: "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, @@ -24880,7 +24880,7 @@ func schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref common.Referen Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", + Description: "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0.\n - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0.\n - Keep: Drop targets for which regex does not match the concatenated source_labels.\n - Drop: Drop targets for which regex matches the concatenated source_labels.\n - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0.\n - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0.\n - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels.\n - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted.\n - LabelDrop: Match regex against all label names; any label that matches is removed.\n - LabelKeep: Match regex against all label names; any label that does not match is removed.", Type: []string{"string"}, Format: "", }, @@ -25171,19 +25171,19 @@ func schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref common.Referen return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ReplaceActionConfig configures the Replace action.", + Description: "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Description: "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, }, "replacement": { SchemaProps: spec.SchemaProps{ - Description: "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + Description: "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", Type: []string{"string"}, Format: "", }, @@ -25525,12 +25525,12 @@ func schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref common.Refer return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UppercaseActionConfig configures the Uppercase action. Requires Prometheus >= v2.36.0.", + Description: "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + Description: "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 328e5cf5b1c..92b8106744d 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -12641,14 +12641,14 @@ } }, "com.github.openshift.api.config.v1alpha1.DropEqualActionConfig": { - "description": "DropEqualActionConfig configures the DropEqual action. Requires Prometheus >= v2.41.0.", + "description": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", "type": "object", "required": [ "targetLabel" ], "properties": { "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", "type": "string" } } @@ -12702,19 +12702,19 @@ } }, "com.github.openshift.api.config.v1alpha1.HashModActionConfig": { - "description": "HashModActionConfig configures the HashMod action.", + "description": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", "type": "object", "required": [ "targetLabel" ], "properties": { "modulus": { - "description": "modulus is the divisor applied to the hash of the source label values (target = hash % modulus). Only applicable when the action is HashMod. When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", + "description": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1.", "type": "integer", "format": "int64" }, "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "description": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", "type": "string" } } @@ -12987,14 +12987,14 @@ "type": "object" }, "com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig": { - "description": "KeepEqualActionConfig configures the KeepEqual action. Requires Prometheus >= v2.41.0.", + "description": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", "type": "object", "required": [ "targetLabel" ], "properties": { "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", "type": "string" } } @@ -13018,24 +13018,24 @@ } }, "com.github.openshift.api.config.v1alpha1.LabelMapActionConfig": { - "description": "LabelMapActionConfig configures the LabelMap action.", + "description": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", "type": "object", "properties": { "replacement": { - "description": "replacement value used to derive new label names from labels matching the regex. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", + "description": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Must be at most 255 characters in length.", "type": "string" } } }, "com.github.openshift.api.config.v1alpha1.LowercaseActionConfig": { - "description": "LowercaseActionConfig configures the Lowercase action. Requires Prometheus >= v2.36.0.", + "description": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", "type": "object", "required": [ "targetLabel" ], "properties": { "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "description": "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", "type": "string" } } @@ -13510,7 +13510,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" }, "type": { - "description": "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.\n - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0.\n - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0.\n - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.\n - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0.", + "description": "type specifies the action to perform on the matched labels. Valid actions are:\n - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0.\n - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0.\n - Keep: Drop targets for which regex does not match the concatenated source_labels.\n - Drop: Drop targets for which regex matches the concatenated source_labels.\n - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0.\n - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0.\n - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels.\n - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted.\n - LabelDrop: Match regex against all label names; any label that matches is removed.\n - LabelKeep: Match regex against all label names; any label that does not match is removed.", "type": "string" }, "uppercase": { @@ -13658,18 +13658,18 @@ } }, "com.github.openshift.api.config.v1alpha1.ReplaceActionConfig": { - "description": "ReplaceActionConfig configures the Replace action.", + "description": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", "type": "object", "required": [ "targetLabel" ], "properties": { "replacement": { - "description": "replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + "description": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", "type": "string" }, "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "description": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", "type": "string" } } @@ -13876,14 +13876,14 @@ } }, "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig": { - "description": "UppercaseActionConfig configures the Uppercase action. Requires Prometheus >= v2.36.0.", + "description": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", "type": "object", "required": [ "targetLabel" ], "properties": { "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Must be between 1 and 128 characters in length.", + "description": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", "type": "string" } } diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index f97ac7b89d7..d3058c46bdb 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -2470,7 +2470,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2485,8 +2485,7 @@ spec: properties: modulus: description: |- - modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - Only applicable when the action is HashMod. + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1. format: int64 @@ -2494,7 +2493,7 @@ spec: type: integer targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2510,7 +2509,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2525,8 +2524,7 @@ spec: properties: replacement: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Must be at most 255 characters in length. @@ -2541,7 +2539,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2556,8 +2554,7 @@ spec: properties: replacement: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Setting to an empty string ("") explicitly clears the target label value. @@ -2566,7 +2563,7 @@ spec: type: string targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2578,17 +2575,17 @@ spec: description: |- type specifies the action to perform on the matched labels. Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + - Keep: Drop targets for which regex does not match the concatenated source_labels. + - Drop: Drop targets for which regex matches the concatenated source_labels. + - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + - LabelDrop: Match regex against all label names; any label that matches is removed. + - LabelKeep: Match regex against all label names; any label that does not match is removed. enum: - Replace - Keep @@ -2610,7 +2607,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 8ee384d4dcd..e00e0ceb2c4 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -2470,7 +2470,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2485,8 +2485,7 @@ spec: properties: modulus: description: |- - modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - Only applicable when the action is HashMod. + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1. format: int64 @@ -2494,7 +2493,7 @@ spec: type: integer targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2510,7 +2509,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2525,8 +2524,7 @@ spec: properties: replacement: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Must be at most 255 characters in length. @@ -2541,7 +2539,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2556,8 +2554,7 @@ spec: properties: replacement: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Setting to an empty string ("") explicitly clears the target label value. @@ -2566,7 +2563,7 @@ spec: type: string targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2578,17 +2575,17 @@ spec: description: |- type specifies the action to perform on the matched labels. Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + - Keep: Drop targets for which regex does not match the concatenated source_labels. + - Drop: Drop targets for which regex matches the concatenated source_labels. + - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + - LabelDrop: Match regex against all label names; any label that matches is removed. + - LabelKeep: Match regex against all label names; any label that does not match is removed. enum: - Replace - Keep @@ -2610,7 +2607,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index d75f44107d6..68ab75b2072 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -2470,7 +2470,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2485,8 +2485,7 @@ spec: properties: modulus: description: |- - modulus is the divisor applied to the hash of the source label values (target = hash % modulus). - Only applicable when the action is HashMod. + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). When omitted, the platform chooses a reasonable default, which may change over time. Must be at least 1. format: int64 @@ -2494,7 +2493,7 @@ spec: type: integer targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2510,7 +2509,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2525,8 +2524,7 @@ spec: properties: replacement: description: |- - replacement value used to derive new label names from labels matching the regex. - Regex capture groups are available (e.g., $1, $2). + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Must be at most 255 characters in length. @@ -2541,7 +2539,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2556,8 +2554,7 @@ spec: properties: replacement: description: |- - replacement value against which a Replace action is performed if the - regular expression matches. Regex capture groups are available (e.g., $1, $2). + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is "$1" (the first capture group). Setting to an empty string ("") explicitly clears the target label value. @@ -2566,7 +2563,7 @@ spec: type: string targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 @@ -2578,17 +2575,17 @@ spec: description: |- type specifies the action to perform on the matched labels. Valid actions are: - - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. - - Keep: Keeps only metrics where regex matches the source labels. - - Drop: Drops metrics where regex matches the source labels. - - HashMod: Sets targetLabel to the hash modulus of the source labels. - - LabelMap: Copies labels matching regex to new label names derived from replacement. - - LabelDrop: Drops labels matching regex. - - LabelKeep: Keeps only labels matching regex. - - Lowercase: Converts the target label value to lowercase. Requires Prometheus >= v2.36.0. - - Uppercase: Converts the target label value to uppercase. Requires Prometheus >= v2.36.0. - - KeepEqual: Keeps only metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. - - DropEqual: Drops metrics where the source label value equals the target label value. Requires Prometheus >= v2.41.0. + - Replace: Match regex against the concatenated source_labels; set target_label to replacement, with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + - Lowercase: Map the concatenated source_labels to their lower case. Requires Prometheus >= v2.36.0. + - Uppercase: Map the concatenated source_labels to their upper case. Requires Prometheus >= v2.36.0. + - Keep: Drop targets for which regex does not match the concatenated source_labels. + - Drop: Drop targets for which regex matches the concatenated source_labels. + - KeepEqual: Drop targets for which the concatenated source_labels do not match target_label. Requires Prometheus >= v2.41.0. + - DropEqual: Drop targets for which the concatenated source_labels do match target_label. Requires Prometheus >= v2.41.0. + - HashMod: Set target_label to the modulus of a hash of the concatenated source_labels. + - LabelMap: Match regex against all source label names (not just source_labels); copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + - LabelDrop: Match regex against all label names; any label that matches is removed. + - LabelKeep: Match regex against all label names; any label that does not match is removed. enum: - Replace - Keep @@ -2610,7 +2607,7 @@ spec: properties: targetLabel: description: |- - targetLabel is the target label name where the result is written. + targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length. maxLength: 128 minLength: 1 From 52d37ad26f3142988a4dc911eef370a0c027d80e Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Thu, 5 Feb 2026 15:02:11 +0100 Subject: [PATCH 9/9] fix linter Signed-off-by: Mario Fernandez --- config/v1alpha1/types_cluster_monitoring.go | 11 +- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 9 + ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 9 + ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 9 + config/v1alpha1/zz_generated.deepcopy.go | 7 +- .../ClusterMonitoringConfig.yaml | 9 + openapi/openapi.json | 451 +++++++++++++++++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 9 + ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 9 + ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 9 + 10 files changed, 503 insertions(+), 29 deletions(-) diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index fcc6f2e4a56..71cf47b2f4a 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -839,6 +839,7 @@ type RemoteWriteSpec struct { // Maximum of 50 headers can be specified. // Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. // +optional + // +kubebuilder:validation:MinProperties=0 // +kubebuilder:validation:MaxProperties=50 Headers map[string]string `json:"headers,omitempty"` // metadataConfig configures the sending of series metadata to remote storage @@ -923,6 +924,7 @@ type BasicAuth struct { } // MetadataConfig defines settings for sending series metadata to remote write storage. +// +kubebuilder:validation:MinProperties=0 type MetadataConfig struct { // mode controls whether series metadata is sent to the remote write endpoint. // When set to "Send", Prometheus sends metadata about time series to the remote write endpoint. @@ -936,8 +938,9 @@ type MetadataConfig struct { // Minimum value is 1 second. // Maximum value is 24 hours. // +optional + // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=20 - SendInterval *string `json:"sendInterval,omitempty"` + SendInterval string `json:"sendInterval,omitempty"` } // OAuth2 defines OAuth2 authentication settings for the remote write endpoint. @@ -963,6 +966,7 @@ type OAuth2 struct { // Maximum of 20 scopes can be specified. // Each scope must be between 1 and 256 characters. // +optional + // +kubebuilder:validation:MinItems=0 // +kubebuilder:validation:MaxItems=20 // +kubebuilder:validation:items:MinLength=1 // +kubebuilder:validation:items:MaxLength=256 @@ -973,6 +977,7 @@ type OAuth2 struct { // Maximum of 20 parameters can be specified. // Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. // +optional + // +kubebuilder:validation:MinProperties=0 // +kubebuilder:validation:MaxProperties=20 EndpointParams map[string]string `json:"endpointParams,omitempty"` } @@ -1049,6 +1054,7 @@ type QueueConfig struct { } // Sigv4 defines AWS Signature Version 4 authentication settings. +// +kubebuilder:validation:MinProperties=0 type Sigv4 struct { // region is the AWS region. // When omitted, the region is derived from the environment or instance metadata. @@ -1233,6 +1239,7 @@ type ReplaceActionConfig struct { // Setting to an empty string ("") explicitly clears the target label value. // Must be at most 255 characters in length. // +optional + // +kubebuilder:validation:MinLength=0 // +kubebuilder:validation:MaxLength=255 Replacement *string `json:"replacement,omitempty"` } @@ -1305,12 +1312,14 @@ type DropEqualActionConfig struct { // LabelMapActionConfig configures the LabelMap action. // Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted. +// +kubebuilder:validation:MinProperties=0 type LabelMapActionConfig struct { // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // The default value is "$1" (the first capture group). // Must be at most 255 characters in length. // +optional + // +kubebuilder:validation:MinLength=0 // +kubebuilder:validation:MaxLength=255 Replacement *string `json:"replacement,omitempty"` } diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index d3058c46bdb..570805c1f2c 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1912,6 +1912,7 @@ spec: Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. maxProperties: 50 + minProperties: 0 type: object metadataConfig: description: |- @@ -1920,6 +1921,7 @@ spec: io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases. + minProperties: 0 properties: mode: description: |- @@ -1939,6 +1941,7 @@ spec: Minimum value is 1 second. Maximum value is 24 hours. maxLength: 20 + minLength: 1 type: string type: object name: @@ -2040,6 +2043,7 @@ spec: Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. maxProperties: 20 + minProperties: 0 type: object scopes: description: |- @@ -2052,6 +2056,7 @@ spec: minLength: 1 type: string maxItems: 20 + minItems: 0 type: array x-kubernetes-list-type: atomic tokenUrl: @@ -2191,6 +2196,7 @@ spec: description: |- sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed. + minProperties: 0 properties: accessKey: description: |- @@ -2521,6 +2527,7 @@ spec: description: |- labelMap configures the LabelMap action. Required when type is LabelMap. + minProperties: 0 properties: replacement: description: |- @@ -2529,6 +2536,7 @@ spec: The default value is "$1" (the first capture group). Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string type: object lowercase: @@ -2560,6 +2568,7 @@ spec: Setting to an empty string ("") explicitly clears the target label value. Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string targetLabel: description: |- diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index e00e0ceb2c4..398f6e5a2f5 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1912,6 +1912,7 @@ spec: Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. maxProperties: 50 + minProperties: 0 type: object metadataConfig: description: |- @@ -1920,6 +1921,7 @@ spec: io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases. + minProperties: 0 properties: mode: description: |- @@ -1939,6 +1941,7 @@ spec: Minimum value is 1 second. Maximum value is 24 hours. maxLength: 20 + minLength: 1 type: string type: object name: @@ -2040,6 +2043,7 @@ spec: Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. maxProperties: 20 + minProperties: 0 type: object scopes: description: |- @@ -2052,6 +2056,7 @@ spec: minLength: 1 type: string maxItems: 20 + minItems: 0 type: array x-kubernetes-list-type: atomic tokenUrl: @@ -2191,6 +2196,7 @@ spec: description: |- sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed. + minProperties: 0 properties: accessKey: description: |- @@ -2521,6 +2527,7 @@ spec: description: |- labelMap configures the LabelMap action. Required when type is LabelMap. + minProperties: 0 properties: replacement: description: |- @@ -2529,6 +2536,7 @@ spec: The default value is "$1" (the first capture group). Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string type: object lowercase: @@ -2560,6 +2568,7 @@ spec: Setting to an empty string ("") explicitly clears the target label value. Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string targetLabel: description: |- diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 68ab75b2072..7398d618c5b 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1912,6 +1912,7 @@ spec: Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. maxProperties: 50 + minProperties: 0 type: object metadataConfig: description: |- @@ -1920,6 +1921,7 @@ spec: io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases. + minProperties: 0 properties: mode: description: |- @@ -1939,6 +1941,7 @@ spec: Minimum value is 1 second. Maximum value is 24 hours. maxLength: 20 + minLength: 1 type: string type: object name: @@ -2040,6 +2043,7 @@ spec: Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. maxProperties: 20 + minProperties: 0 type: object scopes: description: |- @@ -2052,6 +2056,7 @@ spec: minLength: 1 type: string maxItems: 20 + minItems: 0 type: array x-kubernetes-list-type: atomic tokenUrl: @@ -2191,6 +2196,7 @@ spec: description: |- sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed. + minProperties: 0 properties: accessKey: description: |- @@ -2521,6 +2527,7 @@ spec: description: |- labelMap configures the LabelMap action. Required when type is LabelMap. + minProperties: 0 properties: replacement: description: |- @@ -2529,6 +2536,7 @@ spec: The default value is "$1" (the first capture group). Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string type: object lowercase: @@ -2560,6 +2568,7 @@ spec: Setting to an empty string ("") explicitly clears the target label value. Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string targetLabel: description: |- diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index 584b4a1734e..301146c8d09 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -1026,11 +1026,6 @@ func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetadataConfig) DeepCopyInto(out *MetadataConfig) { *out = *in - if in.SendInterval != nil { - in, out := &in.SendInterval, &out.SendInterval - *out = new(string) - **out = **in - } return } @@ -1473,7 +1468,7 @@ func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { if in.MetadataConfig != nil { in, out := &in.MetadataConfig, &out.MetadataConfig *out = new(MetadataConfig) - (*in).DeepCopyInto(*out) + **out = **in } in.OAuth2.DeepCopyInto(&out.OAuth2) out.QueueConfig = in.QueueConfig diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 52a96865347..f9b2cbb258a 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1912,6 +1912,7 @@ spec: Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. maxProperties: 50 + minProperties: 0 type: object metadataConfig: description: |- @@ -1920,6 +1921,7 @@ spec: io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases. + minProperties: 0 properties: mode: description: |- @@ -1939,6 +1941,7 @@ spec: Minimum value is 1 second. Maximum value is 24 hours. maxLength: 20 + minLength: 1 type: string type: object name: @@ -2040,6 +2043,7 @@ spec: Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. maxProperties: 20 + minProperties: 0 type: object scopes: description: |- @@ -2052,6 +2056,7 @@ spec: minLength: 1 type: string maxItems: 20 + minItems: 0 type: array x-kubernetes-list-type: atomic tokenUrl: @@ -2191,6 +2196,7 @@ spec: description: |- sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed. + minProperties: 0 properties: accessKey: description: |- @@ -2521,6 +2527,7 @@ spec: description: |- labelMap configures the LabelMap action. Required when type is LabelMap. + minProperties: 0 properties: replacement: description: |- @@ -2529,6 +2536,7 @@ spec: The default value is "$1" (the first capture group). Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string type: object lowercase: @@ -2560,6 +2568,7 @@ spec: Setting to an empty string ("") explicitly clears the target label value. Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string targetLabel: description: |- diff --git a/openapi/openapi.json b/openapi/openapi.json index 92b8106744d..0c0069adce8 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -9533,7 +9533,7 @@ } }, "com.github.openshift.api.config.v1.OIDCClientConfig": { - "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method", + "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", "type": "object", "required": [ "componentName", @@ -9547,17 +9547,17 @@ "default": "" }, "clientSecret": { - "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field. The client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", + "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, "componentName": { - "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", "type": "string", "default": "" }, "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "type": "string", "default": "" }, @@ -9612,7 +9612,7 @@ "default": "" }, "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running. It is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "type": "string", "default": "" }, @@ -9638,7 +9638,7 @@ "x-kubernetes-list-type": "set" }, "currentOIDCClients": { - "description": "currentOIDCClients is an optional list of clients that the component is currently using. Entries must have unique issuerURL/clientID pairs.", + "description": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", "type": "array", "items": { "default": {}, @@ -10252,7 +10252,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformSpec" }, "type": { - "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", "type": "string", "default": "" }, @@ -10547,7 +10547,7 @@ "default": "" }, "prefix": { - "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", "type": "string", "default": "" } @@ -11462,7 +11462,7 @@ ], "properties": { "extra": { - "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity. key values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", + "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", "type": "array", "items": { "default": {}, @@ -11474,12 +11474,12 @@ "x-kubernetes-list-type": "map" }, "groups": { - "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider. When referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (','). For example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping" }, "uid": { - "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time. The current default is to use the 'sub' claim.", + "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" }, "username": { @@ -11580,7 +11580,7 @@ "x-kubernetes-list-type": "set" }, "discoveryURL": { - "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `url` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", + "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", "type": "string" }, "issuerCertificateAuthority": { @@ -11623,7 +11623,7 @@ ], "properties": { "expression": { - "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc. The expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", + "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", "type": "string" }, "message": { @@ -11731,7 +11731,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernamePrefix" }, "prefixPolicy": { - "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. As an example, consider the following scenario:\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", "type": "string", "default": "" } @@ -12242,7 +12242,7 @@ } }, "resources": { - "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", + "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, @@ -12263,7 +12263,7 @@ "x-kubernetes-list-type": "set" }, "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "type": "array", "items": { "default": {}, @@ -12272,7 +12272,7 @@ "x-kubernetes-list-type": "atomic" }, "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, @@ -12427,6 +12427,100 @@ } } }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig": { + "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec" + }, + "status": { + "description": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus" + } + } + }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList": { + "description": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec": { + "description": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "type": "object", + "properties": { + "matchImages": { + "description": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus": { + "description": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "type": "object", + "properties": { + "conditions": { + "description": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, "com.github.openshift.api.config.v1alpha1.ClusterImagePolicy": { "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -12608,6 +12702,11 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusConfig" }, + "prometheusOperatorConfig": { + "description": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig" + }, "userDefined": { "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", "default": {}, @@ -13072,7 +13171,7 @@ } }, "resources": { - "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", + "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, @@ -13084,7 +13183,7 @@ "x-kubernetes-list-type": "map" }, "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "type": "array", "items": { "default": {}, @@ -13093,7 +13192,7 @@ "x-kubernetes-list-type": "atomic" }, "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, @@ -13428,6 +13527,58 @@ } } }, + "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { + "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + "type": "object", + "properties": { + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "type": "string" + }, + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + } + } + }, "com.github.openshift.api.config.v1alpha1.QueueConfig": { "description": "QueueConfig allows tuning configuration for remote write queue parameters.", "type": "object", @@ -15146,9 +15297,13 @@ "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSource" }, "type": { - "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"", + "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", "type": "string", - "default": "" + "default": "", + "enum": [ + "ContainerImport", + "GitImport" + ] } }, "x-kubernetes-unions": [ @@ -15349,6 +15504,250 @@ } } }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerCluster": { + "description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "status": { + "description": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus" + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus": { + "description": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", + "type": "object", + "required": [ + "conditions", + "name", + "method" + ], + "properties": { + "conditions": { + "description": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "method": { + "description": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", + "type": "string", + "enum": [ + "IPMI", + "Redfish" + ] + }, + "name": { + "description": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", + "type": "string" + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterList": { + "description": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of PacemakerCluster objects.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerCluster" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus": { + "description": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", + "type": "object", + "required": [ + "conditions", + "nodeName", + "addresses", + "resources", + "fencingAgents" + ], + "properties": { + "addresses": { + "description": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress" + }, + "x-kubernetes-list-type": "atomic" + }, + "conditions": { + "description": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "fencingAgents": { + "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "nodeName": { + "description": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "type": "string" + }, + "resources": { + "description": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus": { + "description": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", + "type": "object", + "required": [ + "conditions", + "name" + ], + "properties": { + "conditions": { + "description": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "name": { + "description": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", + "type": "string", + "enum": [ + "Etcd", + "Kubelet" + ] + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus": { + "description": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", + "type": "object", + "required": [ + "conditions", + "lastUpdated", + "nodes" + ], + "properties": { + "conditions": { + "description": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "lastUpdated": { + "description": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "nodes": { + "description": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress": { + "description": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", + "type": "object", + "required": [ + "type", + "address" + ], + "properties": { + "address": { + "description": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", + "type": "string" + }, + "type": { + "description": "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", + "type": "string", + "enum": [ + "InternalIP" + ] + } + } + }, "com.github.openshift.api.example.v1.CELUnion": { "description": "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", "type": "object", @@ -25431,6 +25830,10 @@ "format": "int32", "default": 0 }, + "synchronizedAPI": { + "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "type": "string" + }, "synchronizedGeneration": { "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", "type": "integer", @@ -25534,6 +25937,10 @@ "description": "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, + "synchronizedAPI": { + "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "type": "string" + }, "synchronizedGeneration": { "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", "type": "integer", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index d3058c46bdb..570805c1f2c 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1912,6 +1912,7 @@ spec: Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. maxProperties: 50 + minProperties: 0 type: object metadataConfig: description: |- @@ -1920,6 +1921,7 @@ spec: io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases. + minProperties: 0 properties: mode: description: |- @@ -1939,6 +1941,7 @@ spec: Minimum value is 1 second. Maximum value is 24 hours. maxLength: 20 + minLength: 1 type: string type: object name: @@ -2040,6 +2043,7 @@ spec: Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. maxProperties: 20 + minProperties: 0 type: object scopes: description: |- @@ -2052,6 +2056,7 @@ spec: minLength: 1 type: string maxItems: 20 + minItems: 0 type: array x-kubernetes-list-type: atomic tokenUrl: @@ -2191,6 +2196,7 @@ spec: description: |- sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed. + minProperties: 0 properties: accessKey: description: |- @@ -2521,6 +2527,7 @@ spec: description: |- labelMap configures the LabelMap action. Required when type is LabelMap. + minProperties: 0 properties: replacement: description: |- @@ -2529,6 +2536,7 @@ spec: The default value is "$1" (the first capture group). Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string type: object lowercase: @@ -2560,6 +2568,7 @@ spec: Setting to an empty string ("") explicitly clears the target label value. Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string targetLabel: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index e00e0ceb2c4..398f6e5a2f5 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1912,6 +1912,7 @@ spec: Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. maxProperties: 50 + minProperties: 0 type: object metadataConfig: description: |- @@ -1920,6 +1921,7 @@ spec: io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases. + minProperties: 0 properties: mode: description: |- @@ -1939,6 +1941,7 @@ spec: Minimum value is 1 second. Maximum value is 24 hours. maxLength: 20 + minLength: 1 type: string type: object name: @@ -2040,6 +2043,7 @@ spec: Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. maxProperties: 20 + minProperties: 0 type: object scopes: description: |- @@ -2052,6 +2056,7 @@ spec: minLength: 1 type: string maxItems: 20 + minItems: 0 type: array x-kubernetes-list-type: atomic tokenUrl: @@ -2191,6 +2196,7 @@ spec: description: |- sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed. + minProperties: 0 properties: accessKey: description: |- @@ -2521,6 +2527,7 @@ spec: description: |- labelMap configures the LabelMap action. Required when type is LabelMap. + minProperties: 0 properties: replacement: description: |- @@ -2529,6 +2536,7 @@ spec: The default value is "$1" (the first capture group). Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string type: object lowercase: @@ -2560,6 +2568,7 @@ spec: Setting to an empty string ("") explicitly clears the target label value. Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string targetLabel: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 68ab75b2072..7398d618c5b 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1912,6 +1912,7 @@ spec: Maximum of 50 headers can be specified. Each header name must be between 1 and 256 characters, and each header value must be between 0 and 4096 characters. maxProperties: 50 + minProperties: 0 type: object metadataConfig: description: |- @@ -1920,6 +1921,7 @@ spec: io.prometheus.write.v2.Request is used, metadata is always sent. When omitted, no metadata is sent. Metadata configuration is subject to change at any point or be removed in future releases. + minProperties: 0 properties: mode: description: |- @@ -1939,6 +1941,7 @@ spec: Minimum value is 1 second. Maximum value is 24 hours. maxLength: 20 + minLength: 1 type: string type: object name: @@ -2040,6 +2043,7 @@ spec: Maximum of 20 parameters can be specified. Each parameter name must be between 1 and 256 characters, and each parameter value must be between 0 and 4096 characters. maxProperties: 20 + minProperties: 0 type: object scopes: description: |- @@ -2052,6 +2056,7 @@ spec: minLength: 1 type: string maxItems: 20 + minItems: 0 type: array x-kubernetes-list-type: atomic tokenUrl: @@ -2191,6 +2196,7 @@ spec: description: |- sigv4 defines AWS Signature Version 4 authentication settings. When omitted, no AWS SigV4 authentication is performed. + minProperties: 0 properties: accessKey: description: |- @@ -2521,6 +2527,7 @@ spec: description: |- labelMap configures the LabelMap action. Required when type is LabelMap. + minProperties: 0 properties: replacement: description: |- @@ -2529,6 +2536,7 @@ spec: The default value is "$1" (the first capture group). Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string type: object lowercase: @@ -2560,6 +2568,7 @@ spec: Setting to an empty string ("") explicitly clears the target label value. Must be at most 255 characters in length. maxLength: 255 + minLength: 0 type: string targetLabel: description: |-