From 83c1357222e497446a51e11c79f4d49fd8d1a6f1 Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Thu, 21 May 2026 09:54:14 +0200 Subject: [PATCH 1/2] Add userAlertmanagerConfigSelection to ClusterMonitoring API Restore parity with the cluster-monitoring-config ConfigMap field enableUserAlertmanagerConfig that was removed from AlertmanagerConfig during API review (#2148). userAlertmanagerConfigSelection uses Selectable and None enum values (kube-api-linter nobools) instead of a boolean: Selectable matches enableUserAlertmanagerConfig: true, None matches false. The platform Alertmanager in openshift-monitoring discovers AlertmanagerConfig resources in user-defined namespaces only when set to Selectable and user-workload Alertmanager is not enabled. Omitted defaults to None. Includes CRD/OpenAPI codegen and integration tests. Co-authored-by: Cursor --- .../ClusterMonitoringConfig.yaml | 30 +++++++++++++ config/v1alpha1/types_cluster_monitoring.go | 29 +++++++++++++ ...ig-operator_01_clustermonitorings.crd.yaml | 18 ++++++++ .../ClusterMonitoringConfig.yaml | 18 ++++++++ .../zz_generated.swagger_doc_generated.go | 7 +-- .../generated_openapi/zz_generated.openapi.go | 8 ++++ openapi/openapi.json | 43 +++++++++++-------- ...ig-operator_01_clustermonitorings.crd.yaml | 18 ++++++++ 8 files changed, 151 insertions(+), 20 deletions(-) diff --git a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 4af134c0d34..904149c57a2 100644 --- a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml 
@@ -18,6 +18,36 @@ tests: spec: userDefined: mode: "Disabled" + - name: Should accept userAlertmanagerConfigSelection on alertmanagerConfig + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + alertmanagerConfig: + deploymentMode: "DefaultConfig" + userAlertmanagerConfigSelection: Selectable + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + alertmanagerConfig: + deploymentMode: "DefaultConfig" + userAlertmanagerConfigSelection: Selectable + - name: Should reject invalid userAlertmanagerConfigSelection on alertmanagerConfig + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + alertmanagerConfig: + deploymentMode: "DefaultConfig" + userAlertmanagerConfigSelection: Enabled + expectedError: 'spec.alertmanagerConfig.userAlertmanagerConfigSelection: Unsupported value: "Enabled": supported values: "Selectable", "None"' - name: Should reject ContainerResource with duplicate names initial: | apiVersion: config.openshift.io/v1alpha1 diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 1f8693492d2..e3df02c03f8 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go 
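Review bot: The two added cases cover `Selectable` and one unsupported value, but nothing exercises `None` or an object that omits the field, so the documented default path is untested. A third case mirroring the accept case, with `userAlertmanagerConfigSelection: None` in both `initial` and `expected`, would pin the second enum value. Both cases also use `deploymentMode: "DefaultConfig"`, so how the field behaves with `deploymentMode: "Disabled"` is not shown either way.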
@@ -794,8 +794,37 @@ type AlertmanagerConfig struct { // When set to CustomConfig, the Alertmanager will be deployed with custom configuration. // +optional CustomConfig AlertmanagerCustomConfig `json:"customConfig,omitempty,omitzero"` + // userAlertmanagerConfigSelection is an optional field that controls whether user-defined + // namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + // instance in the `openshift-monitoring` namespace. + // Valid values are Selectable and None. + // When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + // in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + // the cluster-monitoring-config ConfigMap. + // When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + // on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + // in the cluster-monitoring-config ConfigMap. + // This setting only applies when the user-workload monitoring Alertmanager is not enabled. + // When omitted, the default value is None. + // +optional + // +kubebuilder:validation:Enum=Selectable;None + UserAlertmanagerConfigSelection UserAlertmanagerConfigSelection `json:"userAlertmanagerConfigSelection,omitempty"` } +// UserAlertmanagerConfigSelection controls whether the platform Alertmanager selects +// AlertmanagerConfig resources from user-defined namespaces. +// +enum +type UserAlertmanagerConfigSelection string + +const ( + // UserAlertmanagerConfigSelectionSelectable enables user-defined namespaces to be selected + // for AlertmanagerConfig lookups on the platform Alertmanager. + UserAlertmanagerConfigSelectionSelectable UserAlertmanagerConfigSelection = "Selectable" + // UserAlertmanagerConfigSelectionNone disables user-defined namespaces from being selected + // for AlertmanagerConfig lookups on the platform Alertmanager. 
+ UserAlertmanagerConfigSelectionNone UserAlertmanagerConfigSelection = "None" +) + // AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. // alertmanagerCustomConfig provides configuration options for the default Alertmanager instance // that runs in the `openshift-monitoring` namespace. Use this configuration to control diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml index b6968ddb931..2ce17602cbc 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml @@ -888,6 +888,24 @@ spec: - DefaultConfig - CustomConfig type: string + userAlertmanagerConfigSelection: + description: |- + userAlertmanagerConfigSelection is an optional field that controls whether user-defined + namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + instance in the `openshift-monitoring` namespace. + Valid values are Selectable and None. + When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + the cluster-monitoring-config ConfigMap. + When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + in the cluster-monitoring-config ConfigMap. + This setting only applies when the user-workload monitoring Alertmanager is not enabled. + When omitted, the default value is None. + enum: + - Selectable + - None + type: string required: - deploymentMode type: object 
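Review bot: The field comment added to `AlertmanagerConfig` documents the ConfigMap equivalence but not the delegation that `Selectable` implies: AlertmanagerConfig objects created in user-defined namespaces are then loaded by the platform Alertmanager in `openshift-monitoring`. This text becomes the CRD description, so I would add a line such as `// Selectable lets anyone who can create AlertmanagerConfig resources in a user-defined namespace contribute routing configuration to the platform Alertmanager.` so that administrators review that permission before opting in. The same comment is carried over to `AlertmanagerCustomConfig` in PATCH 2/2 and needs the same sentence there. The `AlertmanagerConfig` struct starts outside this hunk.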
diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 34b63cefbbc..6b384038968 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -888,6 +888,24 @@ spec: - DefaultConfig - CustomConfig type: string + userAlertmanagerConfigSelection: + description: |- + userAlertmanagerConfigSelection is an optional field that controls whether user-defined + namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + instance in the `openshift-monitoring` namespace. + Valid values are Selectable and None. + When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + the cluster-monitoring-config ConfigMap. + When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + in the cluster-monitoring-config ConfigMap. + This setting only applies when the user-workload monitoring Alertmanager is not enabled. + When omitted, the default value is None. + enum: + - Selectable + - None + type: string required: - deploymentMode type: object diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 0b364ee25cb..1530d8898e3 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -96,9 +96,10 @@ func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { } var map_AlertmanagerConfig = map[string]string{ - "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", - "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - "customConfig": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "customConfig": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. 
When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "userAlertmanagerConfigSelection": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, the default value is None.", } func (AlertmanagerConfig) SwaggerDoc() map[string]string { diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index e3fde46a4c3..f546899bc19 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go 
@@ -23071,6 +23071,14 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.Referenc Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig"), }, }, + "userAlertmanagerConfigSelection": { + SchemaProps: spec.SchemaProps{ + Description: "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, the default value is None.\n\nPossible enum values:\n - `\"None\"` disables user-defined namespaces from being selected for AlertmanagerConfig lookups on the platform Alertmanager.\n - `\"Selectable\"` enables user-defined namespaces to be selected for AlertmanagerConfig lookups on the platform Alertmanager.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"None", "Selectable"}, + }, + }, }, Required: []string{"deploymentMode"}, }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 0ef7fb0e1c5..e75eb993d04 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json 
@@ -20662,6 +20662,19 @@ } } }, + "com.github.openshift.api.config.v1.NetworkObservabilitySpec": { + "description": "NetworkObservabilitySpec defines the configuration for network observability installation", + "type": "object", + "required": [ + "installationPolicy" + ], + "properties": { + "installationPolicy": { + "description": "installationPolicy controls whether network observability is installed during cluster deployment. Valid values are \"InstallAndEnable\" and \"NoAction\". When set to \"InstallAndEnable\", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. When set to \"NoAction\", nothing will be done regarding Network observability.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1.NetworkSpec": { "description": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "type": "object", 
@@ -20689,6 +20702,11 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnostics" }, + "networkObservability": { + "description": "networkObservability is an optional field that configures network observability installation during cluster deployment (day-0). When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkObservabilitySpec" + }, "networkType": { "description": "networkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.", "type": "string", 
@@ -24087,6 +24105,14 @@ "deploymentMode": { "description": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", "type": "string" + }, + "userAlertmanagerConfigSelection": { + "description": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, the default value is None.\n\nPossible enum values:\n - `\"None\"` disables user-defined namespaces from being selected for AlertmanagerConfig lookups on the platform Alertmanager.\n - `\"Selectable\"` enables user-defined namespaces to be selected for AlertmanagerConfig lookups on the platform Alertmanager.", + "type": "string", + "enum": [ + "None", + "Selectable" + ] } } }, 
@@ -25303,14 +25329,6 @@ "type": "integer", "format": "int32" }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, "resources": { "description": "resources defines the compute resource requests and limits for the node-exporter container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 8m\n limit: null\n - name: memory\n request: 32Mi\n limit: null", "type": "array", @@ -25322,15 +25340,6 @@ "name" ], "x-kubernetes-list-type": "map" - }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is to tolerate all taints (operator: Exists without any key), which is typical for DaemonSets that must run on every node. Maximum length for this list is 10. Minimum length for this list is 1.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" } } }, 
diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml index b6968ddb931..2ce17602cbc 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml @@ -888,6 +888,24 @@ spec: - DefaultConfig - CustomConfig type: string + userAlertmanagerConfigSelection: + description: |- + userAlertmanagerConfigSelection is an optional field that controls whether user-defined + namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + instance in the `openshift-monitoring` namespace. + Valid values are Selectable and None. + When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + the cluster-monitoring-config ConfigMap. + When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + in the cluster-monitoring-config ConfigMap. + This setting only applies when the user-workload monitoring Alertmanager is not enabled. + When omitted, the default value is None. + enum: + - Selectable + - None + type: string required: - deploymentMode type: object From f9a89e1d9651c173ec6bbc705b37bd5ba1f7000c Mon Sep 17 00:00:00 2001 
From: Mario Fernandez Date: Wed, 27 May 2026 17:10:40 +0200 Subject: [PATCH 2/2] Move userAlertmanagerConfigSelection under alertmanager customConfig Address API review feedback to colocate user-namespace AlertmanagerConfig lookup settings with other Alertmanager deployment options in AlertmanagerCustomConfig. The field is only valid when deploymentMode is CustomConfig, matching the customConfig union semantics. Update integration tests and regenerated CRD/OpenAPI artifacts. Co-authored-by: Cursor --- .../ClusterMonitoringConfig.yaml | 21 ++-- config/v1alpha1/types_cluster_monitoring.go | 34 +++--- ...ig-operator_01_clustermonitorings.crd.yaml | 37 +++--- .../ClusterMonitoringConfig.yaml | 37 +++--- .../zz_generated.swagger_doc_generated.go | 24 ++-- .../generated_openapi/zz_generated.openapi.go | 18 +-- openapi/openapi.json | 113 ++++++++++++------ ...ig-operator_01_clustermonitorings.crd.yaml | 37 +++--- 8 files changed, 185 insertions(+), 136 deletions(-) diff --git a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 904149c57a2..96a5fd41658 100644 --- a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -18,7 +18,7 @@ tests: spec: userDefined: mode: "Disabled" - - name: Should accept userAlertmanagerConfigSelection on alertmanagerConfig + - name: Should accept userAlertmanagerConfigSelection on alertmanagerConfig customConfig initial: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring 
@@ -26,8 +26,9 @@ tests: userDefined: mode: "Disabled" alertmanagerConfig: - deploymentMode: "DefaultConfig" - userAlertmanagerConfigSelection: Selectable + deploymentMode: "CustomConfig" + customConfig: + userAlertmanagerConfigSelection: Selectable expected: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -35,9 +36,10 @@ tests: userDefined: mode: "Disabled" alertmanagerConfig: - deploymentMode: "DefaultConfig" - userAlertmanagerConfigSelection: Selectable - - name: Should reject invalid userAlertmanagerConfigSelection on alertmanagerConfig + deploymentMode: "CustomConfig" + customConfig: + userAlertmanagerConfigSelection: Selectable + - name: Should reject invalid userAlertmanagerConfigSelection on alertmanagerConfig customConfig initial: | apiVersion: config.openshift.io/v1alpha1 kind: ClusterMonitoring @@ -45,9 +47,10 @@ tests: userDefined: mode: "Disabled" alertmanagerConfig: - deploymentMode: "DefaultConfig" - userAlertmanagerConfigSelection: Enabled - expectedError: 'spec.alertmanagerConfig.userAlertmanagerConfigSelection: Unsupported value: "Enabled": supported values: "Selectable", "None"' + deploymentMode: "CustomConfig" + customConfig: + userAlertmanagerConfigSelection: Enabled + expectedError: 'spec.alertmanagerConfig.customConfig.userAlertmanagerConfigSelection: Unsupported value: "Enabled": supported values: "Selectable", "None"' - name: Should reject ContainerResource with duplicate names initial: | apiVersion: config.openshift.io/v1alpha1 diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index e3df02c03f8..4c0d23b9eea 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go 
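Review bot: The updated cases only exercise the field under `deploymentMode: "CustomConfig"`, so the constraint in the commit message (the field is valid only in that mode) is not pinned by a test. A reject case that sets `customConfig.userAlertmanagerConfigSelection: Selectable` together with `deploymentMode: "DefaultConfig"` would cover it, with `expectedError` taken from the existing customConfig union rule. That rule is not visible in these hunks, so the case may be redundant if the file already has a generic one for customConfig under a non-CustomConfig mode.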
@@ -794,21 +794,6 @@ type AlertmanagerConfig struct { // When set to CustomConfig, the Alertmanager will be deployed with custom configuration. // +optional CustomConfig AlertmanagerCustomConfig `json:"customConfig,omitempty,omitzero"` - // userAlertmanagerConfigSelection is an optional field that controls whether user-defined - // namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager - // instance in the `openshift-monitoring` namespace. - // Valid values are Selectable and None. - // When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources - // in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in - // the cluster-monitoring-config ConfigMap. - // When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups - // on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` - // in the cluster-monitoring-config ConfigMap. - // This setting only applies when the user-workload monitoring Alertmanager is not enabled. - // When omitted, the default value is None. - // +optional - // +kubebuilder:validation:Enum=Selectable;None - UserAlertmanagerConfigSelection UserAlertmanagerConfigSelection `json:"userAlertmanagerConfigSelection,omitempty"` } // UserAlertmanagerConfigSelection controls whether the platform Alertmanager selects 
@@ -828,9 +813,26 @@ const ( // AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. // alertmanagerCustomConfig provides configuration options for the default Alertmanager instance // that runs in the `openshift-monitoring` namespace. Use this configuration to control -// whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled. +// whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs, +// and how its pods are scheduled. // +kubebuilder:validation:MinProperties=1 type AlertmanagerCustomConfig struct { + // userAlertmanagerConfigSelection is an optional field that controls whether user-defined + // namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + // instance in the `openshift-monitoring` namespace. + // Valid values are Selectable and None. + // When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + // in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + // the cluster-monitoring-config ConfigMap. + // When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + // on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + // in the cluster-monitoring-config ConfigMap. + // This setting only applies when the user-workload monitoring Alertmanager is not enabled. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `None`. + // +optional + // +kubebuilder:validation:Enum=Selectable;None + UserAlertmanagerConfigSelection UserAlertmanagerConfigSelection `json:"userAlertmanagerConfigSelection,omitempty"` // logLevel defines the verbosity of logs emitted by Alertmanager. 
// This field allows users to control the amount and severity of logs generated, which can be useful // for debugging issues or reducing noise in production environments. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml index 2ce17602cbc..61a7ba6e37b 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml @@ -453,6 +453,25 @@ spec: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map + userAlertmanagerConfigSelection: + description: |- + userAlertmanagerConfigSelection is an optional field that controls whether user-defined + namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + instance in the `openshift-monitoring` namespace. + Valid values are Selectable and None. + When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + the cluster-monitoring-config ConfigMap. + When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + in the cluster-monitoring-config ConfigMap. + This setting only applies when the user-workload monitoring Alertmanager is not enabled. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `None`. + enum: + - Selectable + - None + type: string volumeClaimTemplate: description: |- volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to 
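Review bot: The moved field comment does not say that the field can be set only when `deploymentMode` is `CustomConfig`, although the commit message gives that as the reason for the move. A reader of the generated CRD description sees only the ConfigMap equivalence. Consider adding `// This field can only be set when deploymentMode is CustomConfig.` after the equivalence sentences. The rewritten type comment also reads `how it logs` with no antecedent left for `it`; `how Alertmanager logs` would fix that. The `AlertmanagerCustomConfig` struct body continues past this hunk.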
@@ -888,24 +907,6 @@ spec: - DefaultConfig - CustomConfig type: string - userAlertmanagerConfigSelection: - description: |- - userAlertmanagerConfigSelection is an optional field that controls whether user-defined - namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager - instance in the `openshift-monitoring` namespace. - Valid values are Selectable and None. - When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources - in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in - the cluster-monitoring-config ConfigMap. - When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups - on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` - in the cluster-monitoring-config ConfigMap. - This setting only applies when the user-workload monitoring Alertmanager is not enabled. - When omitted, the default value is None. - enum: - - Selectable - - None - type: string required: - deploymentMode type: object diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 6b384038968..2f723fc78ca 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml 
@@ -453,6 +453,25 @@ spec: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map + userAlertmanagerConfigSelection: + description: |- + userAlertmanagerConfigSelection is an optional field that controls whether user-defined + namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + instance in the `openshift-monitoring` namespace. + Valid values are Selectable and None. + When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + the cluster-monitoring-config ConfigMap. + When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + in the cluster-monitoring-config ConfigMap. + This setting only applies when the user-workload monitoring Alertmanager is not enabled. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `None`. + enum: + - Selectable + - None + type: string volumeClaimTemplate: description: |- volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to 
@@ -888,24 +907,6 @@ spec: - DefaultConfig - CustomConfig type: string - userAlertmanagerConfigSelection: - description: |- - userAlertmanagerConfigSelection is an optional field that controls whether user-defined - namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager - instance in the `openshift-monitoring` namespace. - Valid values are Selectable and None. - When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources - in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in - the cluster-monitoring-config ConfigMap. - When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups - on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` - in the cluster-monitoring-config ConfigMap. - This setting only applies when the user-workload monitoring Alertmanager is not enabled. - When omitted, the default value is None. - enum: - - Selectable - - None - type: string required: - deploymentMode type: object diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 1530d8898e3..63f833a0fc3 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -96,10 +96,9 @@ func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { } var map_AlertmanagerConfig = map[string]string{ - "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", - "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - "customConfig": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - "userAlertmanagerConfigSelection": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. 
When omitted, the default value is None.", + "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "customConfig": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", } func (AlertmanagerConfig) SwaggerDoc() map[string]string { 
@@ -107,14 +106,15 @@ func (AlertmanagerConfig) SwaggerDoc() map[string]string { } var map_AlertmanagerCustomConfig = map[string]string{ - "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", - "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", - "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", - "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", - "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. 
This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", + "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs, and how its pods are scheduled.", + "userAlertmanagerConfigSelection": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. 
This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `None`.", + "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. 
Each resource name must be unique within this list.", + "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. 
Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", } func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index f546899bc19..6bfbe6e03ad 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go 
@@ -23071,14 +23071,6 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.Referenc Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig"), }, }, - "userAlertmanagerConfigSelection": { - SchemaProps: spec.SchemaProps{ - Description: "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, the default value is None.\n\nPossible enum values:\n - `\"None\"` disables user-defined namespaces from being selected for AlertmanagerConfig lookups on the platform Alertmanager.\n - `\"Selectable\"` enables user-defined namespaces to be selected for AlertmanagerConfig lookups on the platform Alertmanager.", - Type: []string{"string"}, - Format: "", - Enum: []interface{}{"None", "Selectable"}, - }, - }, }, Required: []string{"deploymentMode"}, }, 
@@ -23092,9 +23084,17 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + Description: "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs, and how its pods are scheduled.", Type: []string{"object"}, Properties: map[string]spec.Schema{ + "userAlertmanagerConfigSelection": { + SchemaProps: spec.SchemaProps{ + Description: "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `None`.\n\nPossible enum values:\n - `\"None\"` disables user-defined namespaces from being selected for AlertmanagerConfig lookups on the platform Alertmanager.\n - `\"Selectable\"` enables user-defined namespaces to be selected for AlertmanagerConfig lookups on the platform Alertmanager.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"None", "Selectable"}, + }, + }, "logLevel": { SchemaProps: spec.SchemaProps{ Description: "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", diff --git a/openapi/openapi.json b/openapi/openapi.json index e75eb993d04..604a607e405 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json 
@@ -16873,19 +16873,21 @@ "type": "string" }, "clientSecret": { - "description": "clientSecret is the client secret to use during the OAuth2 client credentials flow. clientSecret must be at least 1 character in length, must not exceed 256 characters in length, and must only contain printable ASCII characters.", - "type": "string" + "description": "clientSecret is a required reference to a Secret in the openshift-config namespace to be used as the client secret during the OAuth2 client credentials flow.\n\nThe key 'client-secret' is used to locate the client secret data in the Secret.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClientSecretSecretReference" }, "scopes": { - "description": "scopes is an optional list of OAuth2 scopes to request when obtaining an access token.\n\nIf not specified, the token endpoint's default scopes will be used.\n\nWhen specified, there must be at least 1 entry and must not exceed 16 entries. Each entry must be at least 1 character in length and must not exceed 256 characters in length. Each entry must only contain printable ASCII characters, excluding spaces, double quotes (\") and backslashes (\\).", + "description": "scopes is an optional list of OAuth2 scopes to request when obtaining an access token.\n\nIf not specified, the token endpoint's default scopes will be used.\n\nWhen specified, there must be at least 1 entry and must not exceed 16 entries. Each entry must be at least 1 character in length and must not exceed 256 characters in length. Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. 
Entries must be unique.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" }, "tls": { - "description": "tls is an optional field that allows configuring the TLS settings used to interact with the identity provider as an OAuth2 client.", + "description": "tls is an optional field that allows configuring the TLS settings used to interact with the identity provider as an OAuth2 client.\n\nWhen omitted, system default TLS settings will be used for the OAuth2 client.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalSourceTLS" }, @@ -16895,6 +16897,19 @@ } } }, + "com.github.openshift.api.config.v1.ClientSecretSecretReference": { + "description": "ClientSecretSecretReference is a reference to a Secret in the openshift-config namespace that should be used for configuring the client secret to be used when sourcing claims from external sources with the client credential authentication flow.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the required name of the Secret that exists in the openshift-config namespace.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1.CloudControllerManagerStatus": { "description": "CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings", "type": "object", 
@@ -18180,36 +18195,36 @@ ], "properties": { "authentication": { - "description": "authentication is an optional field that configures how the apiserver authenticates with an external claims source. When not specified, anonymous authentication is used.", + "description": "authentication is an optional field that configures how the apiserver authenticates with an external claims source. When not specified, anonymous authentication is used which means no 'Authorization' header is sent in the HTTP request to fetch the external claims.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalSourceAuthentication" }, - "conditions": { - "description": "conditions is an optional list of conditions in which claims should attempt to be fetched from this external source.\n\nWhen omitted or empty, claims are always attempted to be fetched from this external source.\n\nWhen specified, all conditions must evaluate to 'true' before claims are attempted to be fetched from this external source.\n\nconditions must not exceed 16 entries. Entries must have unique expressions.", + "mappings": { + "description": "mappings is a required list of the claim and response handling expression pairs that produces the claims from the external source. mappings must have at least 1 entry and must not exceed 16 entries. Entries must have a unique name across all external claim sources.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalSourceCondition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SourcedClaimMapping" }, "x-kubernetes-list-map-keys": [ - "expression" + "name" ], "x-kubernetes-list-type": "map" }, - "mappings": { - "description": "mappings is a required list of the claim and response handling expression pairs that produces the claims from the external source. mappings must have at least 1 entry and must not exceed 16 entries. 
Entries must have a unique name across all external claim sources.", + "predicates": { + "description": "predicates is an optional list of constraints in which claims should attempt to be fetched from this external source.\n\nWhen omitted, claims are always fetched from this external source.\n\nWhen specified, all predicates must evaluate to 'true' before claims are attempted to be fetched from this external source. predicates must have at least 1 entry and must not exceed 16 entries. Entries must have unique expressions.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SourcedClaimMapping" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalSourcePredicate" }, "x-kubernetes-list-map-keys": [ - "name" + "expression" ], "x-kubernetes-list-type": "map" }, "tls": { - "description": "tls is an optional field that configures the http client TLS settings when fetching external claims from this source.", + "description": "tls is an optional field that configures the http client TLS settings when fetching external claims from this source.\n\nWhen omitted, system default TLS settings will be used for fetching claims from the external source.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalSourceTLS" }, 
@@ -18307,28 +18322,28 @@ } } }, - "com.github.openshift.api.config.v1.ExternalSourceCertificateAuthoritySecretReference": { - "description": "CertificateAuthoritySecretReference is a reference to a Secret in the openshift-config namespace that should be used for configuring the certificate authority to be used when sourcing claims from external sources.", + "com.github.openshift.api.config.v1.ExternalSourceCertificateAuthorityConfigMapReference": { + "description": "ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config namespace that should be used for configuring the certificate authority to be used when sourcing claims from external sources.", "type": "object", "required": [ "name" ], "properties": { "name": { - "description": "name is the required name of the Secret that exists in the openshift-config namespace.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.", + "description": "name is the required name of the ConfigMap that exists in the openshift-config namespace. 
The key \"ca-bundle.crt\" must be present and must contain the CA certificate to be used to verify the external source's TLS certificate.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.", "type": "string" } } }, - "com.github.openshift.api.config.v1.ExternalSourceCondition": { - "description": "ExternalSourceCondition configures a singular condition that must return true before the external source is queried to retrieve external claims.", + "com.github.openshift.api.config.v1.ExternalSourcePredicate": { + "description": "ExternalSourcePredicate configures a singular condition that must return true before the external source is queried to retrieve external claims.", "type": "object", "required": [ "expression" ], "properties": { "expression": { - "description": "expression is a required CEL expression that is used to determine whether or not an external source should be used to fetch external claims.\n\nThe expression must return a boolean value, where true means that the source should be consulted and false means that it should not.\n\nClaims from the token used for the request to the kube-apiserver are made available via the `claims` variable.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.", + "description": "expression is a required CEL expression that is used to determine whether or not an external source should be used to fetch external claims.\n\nThe expression must return a boolean value, where true means that the source should be consulted and false means that it should not.\n\nClaims from the token used for the request to the kube-apiserver are made available via the `claims` variable.\n\nThe contents of the `claims` variable varies based on the claims that are present in the token being validated. 
It is the responsibility of those configuring this field to understand what claims the identity provider includes when issuing tokens.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.", "type": "string" } } @@ -18341,9 +18356,9 @@ ], "properties": { "certificateAuthority": { - "description": "certificateAuthority is a required reference to a secret in the openshift-config namespace that contains the CA certificate to use to validate TLS connections with the external claims source.", + "description": "certificateAuthority is a required reference to a ConfigMap in the openshift-config namespace that contains the CA certificate to use to validate TLS connections with the external claims source. The key \"ca-bundle.crt\" must be present in the referenced ConfigMap and must contain the CA certificate to be used to verify the external source's TLS certificate.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalSourceCertificateAuthoritySecretReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalSourceCertificateAuthorityConfigMapReference" } } }, 
@@ -21370,7 +21385,7 @@ "x-kubernetes-list-type": "atomic" }, "externalClaimsSources": { - "description": "externalClaimSources is an optional field that can be used to configure sources, external to the token provided in a request, in which claims should be fetched from and made available to the claim mapping process that is used to build the identity of a token holder.\n\nFor example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.\n\nWhen not specified, only claims present in the token itself will be available in the claim mapping process.\n\nWhen specified, at least one external claim source must be specified and no more than 5 sources may be specified.", + "description": "externalClaimsSources is an optional field that can be used to configure sources, external to the token provided in a request, in which claims should be fetched from and made available to the claim mapping process that is used to build the identity of a token holder.\n\nFor example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.\n\nWhen not specified, only claims present in the token itself will be available in the claim mapping process.\n\nWhen specified, at least one external claim source must be specified and no more than 5 sources may be specified. All external claim sources must have unique claim mappings. When an external source responds and resolves additional claims successfully, they will be made available as claims during the claim mapping process. Externally sourced claims with the same name as a claim existing within the token will overwrite the claim data from the token with the externally sourced information. If an external source does not respond, responds with an error, or the additional claim data cannot be resolved from the response successfully it will not be included in the claim data passed to the claim mapping process.", "type": "array", "items": { "default": {}, 
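Review bot: The new `externalClaimsSources` description says an externally sourced claim with the same name as a token claim overwrites the token's value, but it does not spell out the trust consequence: a value signed by the identity provider is replaced by whatever the external endpoint returned. I would add a sentence such as `Because externally sourced values replace token values of the same name, only configure sources that are trusted to assert those claims, and avoid mapping names that the username or groups mapping reads unless the override is intended.` The same paragraph says a claim that cannot be resolved is left out; it should also state whether the token's original value is then used for a colliding name, which the text leaves open. This file appears to be generated, so the wording belongs in the Go field comment it is produced from.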
@@ -22926,11 +22941,11 @@ ], "properties": { "hostname": { - "description": "hostname is a required hostname for which the external claims are located.\n\nIt must be a valid DNS subdomain name as per RFC1123.\n\nThis means that it must start and end with a lowercase alphanumeric character, must only consist of lowercase alphanumeric characters, '-', and '.'. hostname must be at least 1 character in length and must not exceed 253 characters in length. hostname may optionally specify a port in the format ':{port}'. If a port is specified it must not exceed 65535.", + "description": "hostname is a required hostname for which the external claims are located.\n\nIt must be a valid DNS subdomain name as per RFC1123.\n\nThis means that it must start and end with a lowercase alphanumeric character, must only consist of lowercase alphanumeric characters, '-', and '.'. hostname may optionally specify a port in the format ':{port}'. If a port is specified it must not exceed 65535.\n\nhostname must be at least 1 character in length. When specifying a port, hostname must not exceed 259 characters in length. When not specifying a port, hostname must not exceed 253 characters in length.", "type": "string" }, "pathExpression": { - "description": "pathExpression is a required CEL expression that returns a list of string values used to construct the URL path. Claims from the token used for the request to the kube-apiserver are made available via the `claims` variable. expression must be at least 1 character in length and must not exceed 1024 characters in length.", + "description": "pathExpression is a required CEL expression that returns a list of string values used to construct the URL path. Claims from the token used for the request to the kube-apiserver are made available via the `claims` variable. 
expression must be at least 1 character in length and must not exceed 1024 characters in length.\n\nValues in the returned list will be joined with the hostname using a forward slash (`/`) as a separator. Values in the returned list do not need to include the forward slash. If a forward slash is included in a returned value, it will be encoded as `%2F`.\n\nExample of a static path configuration:\n\n pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']\n\nThe above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'\n\nExample of a dynamic path configuration:\n\n pathExpression: \"['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']\"\n\nAssuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'", "type": "string" } } @@ -22944,7 +22959,7 @@ ], "properties": { "expression": { - "description": "expression is a required CEL expression that will produce a value to be assigned to the claim. The full response body from the request to the external claim source is provided via the `response` variable. expression must be at least 1 character and must not exceed 1024 characters in length.", + "description": "expression is a required CEL expression that will produce a value to be assigned to the claim. The full response body from the request to the external claim source is provided via the `response.body` variable.\n\nThe contents of the `response.body` variable varies based on the response received from the external source. It is the responsibility of those configuring this expression to understand what is returned from the external source.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.", "type": "string" }, "name": { 
@@ -24105,19 +24120,11 @@ "deploymentMode": { "description": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", "type": "string" - }, - "userAlertmanagerConfigSelection": { - "description": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, the default value is None.\n\nPossible enum values:\n - `\"None\"` disables user-defined namespaces from being selected for AlertmanagerConfig lookups on the platform Alertmanager.\n - `\"Selectable\"` enables user-defined namespaces to be selected for AlertmanagerConfig lookups on the platform Alertmanager.", - "type": "string", - "enum": [ - "None", - "Selectable" - ] } } }, "com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig": { - "description": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. 
alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "description": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether user-defined namespaces are selected for AlertmanagerConfig lookups, how it logs, and how its pods are scheduled.", "type": "object", "properties": { "logLevel": { 
@@ -24175,6 +24182,14 @@ ], "x-kubernetes-list-type": "map" }, + "userAlertmanagerConfigSelection": { + "description": "userAlertmanagerConfigSelection is an optional field that controls whether user-defined namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager instance in the `openshift-monitoring` namespace. Valid values are Selectable and None. When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in the cluster-monitoring-config ConfigMap. When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` in the cluster-monitoring-config ConfigMap. This setting only applies when the user-workload monitoring Alertmanager is not enabled. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `None`.\n\nPossible enum values:\n - `\"None\"` disables user-defined namespaces from being selected for AlertmanagerConfig lookups on the platform Alertmanager.\n - `\"Selectable\"` enables user-defined namespaces to be selected for AlertmanagerConfig lookups on the platform Alertmanager.", + "type": "string", + "enum": [ + "None", + "Selectable" + ] + }, "volumeClaimTemplate": { "description": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" 
@@ -26349,6 +26364,14 @@ "description": "ThanosQuerierConfig provides configuration options for the Thanos Querier component that runs in the `openshift-monitoring` namespace. At least one field must be specified; an empty thanosQuerierConfig object is not allowed.", "type": "object", "properties": { + "crossOriginRequestPolicy": { + "description": "crossOriginRequestPolicy configures the CORS (Cross-Origin Resource Sharing) policy for Thanos Querier's HTTP endpoints. crossOriginRequestPolicy is optional. Valid values are \"AllowAll\" and \"DenyAll\". When set to \"AllowAll\", CORS headers are added to responses, allowing cross-origin requests from any domain. When set to \"DenyAll\", no CORS headers are added and cross-origin requests are rejected by the browser. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is \"DenyAll\".", + "type": "string" + }, + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Thanos Querier. logLevel is optional. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "type": "string" + }, "nodeSelector": { "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. 
When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", "type": "object", @@ -26357,6 +26380,11 @@ "default": "" } }, + "requestLogging": { + "description": "requestLogging configures request logging for Thanos Querier. requestLogging is optional. When provided, the policy field within is required. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default behavior is to not log any requests.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ThanosQuerierRequestLoggingConfig" + }, "resources": { "description": "resources defines the compute resource requests and limits for the Thanos Querier container. resources is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Requests cannot exceed limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n - name: memory\n request: 12Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", 
@@ -26393,6 +26421,19 @@ } } }, + "com.github.openshift.api.config.v1alpha1.ThanosQuerierRequestLoggingConfig": { + "description": "ThanosQuerierRequestLoggingConfig configures request logging for Thanos Querier.", + "type": "object", + "required": [ + "policy" + ], + "properties": { + "policy": { + "description": "policy determines which HTTP and gRPC requests are logged by Thanos Querier. Valid values are \"AllRequests\" and \"NoRequests\". When set to \"AllRequests\", every request received by Thanos Querier is logged with method, path, and response status. The log level for request logs is derived from the logLevel field. When set to \"NoRequests\", request logging is turned off.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig": { "description": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", "type": "object", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml index 2ce17602cbc..61a7ba6e37b 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml 
@@ -453,6 +453,25 @@ spec: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map + userAlertmanagerConfigSelection: + description: |- + userAlertmanagerConfigSelection is an optional field that controls whether user-defined + namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager + instance in the `openshift-monitoring` namespace. + Valid values are Selectable and None. + When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources + in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in + the cluster-monitoring-config ConfigMap. + When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups + on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` + in the cluster-monitoring-config ConfigMap. + This setting only applies when the user-workload monitoring Alertmanager is not enabled. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `None`. + enum: + - Selectable + - None + type: string volumeClaimTemplate: description: |- volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to 
@@ -888,24 +907,6 @@ spec: - DefaultConfig - CustomConfig type: string - userAlertmanagerConfigSelection: - description: |- - userAlertmanagerConfigSelection is an optional field that controls whether user-defined - namespaces can be selected for AlertmanagerConfig lookups on the platform Alertmanager - instance in the `openshift-monitoring` namespace. - Valid values are Selectable and None. - When set to Selectable, the platform Alertmanager discovers AlertmanagerConfig resources - in user-defined namespaces. This is equivalent to `enableUserAlertmanagerConfig: true` in - the cluster-monitoring-config ConfigMap. - When set to None, user-defined namespaces are not selected for AlertmanagerConfig lookups - on the platform Alertmanager. This is equivalent to `enableUserAlertmanagerConfig: false` - in the cluster-monitoring-config ConfigMap. - This setting only applies when the user-workload monitoring Alertmanager is not enabled. - When omitted, the default value is None. - enum: - - Selectable - - None - type: string required: - deploymentMode type: object