diff --git a/src/app_charts/prometheus/BUILD.bazel b/src/app_charts/prometheus/BUILD.bazel index bffec0806..bd576e8b8 100644 --- a/src/app_charts/prometheus/BUILD.bazel +++ b/src/app_charts/prometheus/BUILD.bazel @@ -4,7 +4,7 @@ load("//bazel:app.bzl", "app") helm_template( name = "prometheus-operator-chart.cloud", - chart = "//third_party/kube-prometheus-stack:kube-prometheus-stack-41.5.1.tgz", + chart = "//third_party/kube-prometheus-stack:kube-prometheus-stack-56.6.2.tgz", helm_version = 3, # The namespace will later be replaced with the actual one. namespace = "HELM-NAMESPACE", @@ -15,7 +15,7 @@ helm_template( helm_template( name = "prometheus-operator-chart.robot", - chart = "//third_party/kube-prometheus-stack:kube-prometheus-stack-41.5.1.tgz", + chart = "//third_party/kube-prometheus-stack:kube-prometheus-stack-56.6.2.tgz", helm_version = 3, # The namespace will later be replaced with the actual one. namespace = "HELM-NAMESPACE", diff --git a/src/bootstrap/cloud/terraform/cluster.tf b/src/bootstrap/cloud/terraform/cluster.tf index 4665f6cec..c4564006c 100644 --- a/src/bootstrap/cloud/terraform/cluster.tf +++ b/src/bootstrap/cloud/terraform/cluster.tf @@ -4,8 +4,10 @@ # service account for the nodes. This service account cannot be used by the # workloads: see workload-identity.tf for those service accounts. +# Might need to update this to a later version if the version here is too far +# behind and is removed as a valid version. locals { - min_k8s_master_version = "1.24" + min_k8s_master_version = "1.27" } resource "google_container_cluster" "cloud-robotics" { diff --git a/third_party/kube-prometheus-stack/00-crds.yaml b/third_party/kube-prometheus-stack/00-crds.yaml index 27cf357b1..7fa1ca3c5 100644 --- a/third_party/kube-prometheus-stack/00-crds.yaml +++ b/third_party/kube-prometheus-stack/00-crds.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -44,8 +44,8 @@ spec: description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of - the request + description: Selects a key of a Secret in the namespace that contains + the credentials for authentication. properties: key: description: The key of the secret to select from. Must be @@ -64,8 +64,8 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. + \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -73,8 +73,8 @@ spec: authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. + description: '`password` specifies a key of a Secret containing + the password for authentication.' properties: key: description: The key of the secret to select from. Must be @@ -93,8 +93,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. + description: '`username` specifies a key of a Secret containing + the username for authentication.' properties: key: description: The key of the secret to select from. Must be @@ -141,6 +141,12 @@ spec: jobName: description: The job name assigned to scraped metrics by default. type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. @@ -161,15 +167,16 @@ spec: metricRelabelings: description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label + set for targets, alerts, scraped samples and remote write samples. + \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus + >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -189,30 +196,32 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. + description: "Modulus to take of the hash of the source label + values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' + description: "Replacement value against which a Replace action + is performed if the regular expression matches. \n Regex capture + groups are available." type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. + Their content is concatenated using the configured Separator + and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. @@ -220,9 +229,10 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, `HashMod`, + `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. + \n Regex capture groups are available." type: string type: object type: array @@ -236,8 +246,8 @@ spec: 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 client - id + description: '`clientId` specifies a key of a Secret or ConfigMap + containing the OAuth2 client''s ID.' properties: configMap: description: ConfigMap containing data to use for the targets. @@ -278,7 +288,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret + description: '`clientSecret` specifies a key of a Secret containing + the OAuth2 client''s secret.' properties: key: description: The key of the secret to select from. Must be @@ -299,15 +310,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token request + description: '`scopes` defines the OAuth2 scopes used for the + token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to fetch the token + from.' minLength: 1 type: string required: @@ -328,7 +342,13 @@ spec: description: Optional ProxyURL. type: string scheme: - description: HTTP scheme to use for scraping. Defaults to `http`. + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https type: string url: description: Mandatory URL of the prober. @@ -343,7 +363,7 @@ spec: type: integer scrapeTimeout: description: Timeout for scraping metrics from the Prometheus exporter. - If not specified, the Prometheus global scrape interval is used. + If not specified, the Prometheus global scrape timeout is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -381,16 +401,16 @@ spec: scrape job''s name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of + the label set for targets, alerts, scraped samples and + remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -410,30 +430,35 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator is the string between concatenated + SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + Separator and matched against the configured regular + expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, @@ -442,9 +467,10 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: "Label to which the resulting string is + written in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array @@ -510,16 +536,16 @@ spec: description: 'RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of + the label set for targets, alerts, scraped samples and + remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -539,30 +565,35 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator is the string between concatenated + SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + Separator and matched against the configured regular + expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, @@ -571,9 +602,10 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: "Label to which the resulting string is + written in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array @@ -588,7 +620,8 @@ spec: description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -629,7 +662,7 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file for the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the targets. diff --git a/third_party/kube-prometheus-stack/01-crds.yaml b/third_party/kube-prometheus-stack/01-crds.yaml index 5676ec4e7..2e46e7b79 100644 --- a/third_party/kube-prometheus-stack/01-crds.yaml +++ b/third_party/kube-prometheus-stack/01-crds.yaml @@ -4,8 +4,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -23,8 +23,8 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to - be aggregated across multiple namespaces configuring one Alertmanager cluster. + description: AlertmanagerConfig configures the Prometheus Alertmanager, specifying + how alerts should be grouped, inhibited and notified to external systems. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -79,9 +79,9 @@ spec: minLength: 1 type: string regex: - description: Whether to match on equality (false) or regular-expression - (true). Deprecated as of AlertManager >= v0.22.0 where - a user should use MatchType instead. + description: 'Whether to match on equality (false) or + regular-expression (true). Deprecated: for AlertManager + >= v0.22.0, `matchType` should be used instead.' type: boolean value: description: Label value to match. @@ -112,9 +112,9 @@ spec: minLength: 1 type: string regex: - description: Whether to match on equality (false) or regular-expression - (true). Deprecated as of AlertManager >= v0.22.0 where - a user should use MatchType instead. + description: 'Whether to match on equality (false) or + regular-expression (true). Deprecated: for AlertManager + >= v0.22.0, `matchType` should be used instead.' type: boolean value: description: Label value to match. @@ -212,39 +212,15 @@ spec: items: description: Receiver defines one or more notification integrations. properties: - emailConfigs: - description: List of Email configurations. + discordConfigs: + description: List of Discord configurations. items: - description: EmailConfig configures notifications via Email. + description: DiscordConfig configures notifications via Discord. + See https://prometheus.io/docs/alerting/latest/configuration/#discord_config properties: - authIdentity: - description: The identity to use for authentication. - type: string - authPassword: - description: The secret's key that contains the password - to use for authentication. The secret needs to be in - the same namespace as the AlertmanagerConfig object - and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - authSecret: - description: The secret's key that contains the CRAM-MD5 - secret. The secret needs to be in the same namespace + apiURL: + description: The secret's key that contains the Discord + webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: @@ -264,82 +240,20 @@ spec: required: - key type: object - authUsername: - description: The username to use for authentication. - type: string - from: - description: The sender address. - type: string - headers: - description: Further headers email header key/value pairs. - Overrides any headers previously set by the notification - implementation. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - hello: - description: The hostname to identify to the SMTP server. - type: string - html: - description: The HTML body of the email notification. - type: string - requireTLS: - description: The SMTP TLS requirement. Note that Go does - not support unencrypted connections to remote SMTP endpoints. - type: boolean - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - smarthost: - description: The SMTP host and port through which emails - are sent. E.g. example.com:25 - type: string - text: - description: The text body of the email notification. - type: string - tlsConfig: - description: TLS configuration + x-kubernetes-map-type: atomic + httpConfig: + description: HTTP client configuration. properties: - ca: - description: Struct containing the CA cert to use - for the targets. + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -359,17 +273,24 @@ spec: - key type: object x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string type: object - cert: - description: Struct containing the client cert file - for the targets. + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. properties: - configMap: - description: ConfigMap containing data to use - for the targets. + password: + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: - description: The key to select. + description: The key of the secret to select + from. Must be a valid secret key. type: string name: description: 'Name of the referent. More info: @@ -378,16 +299,16 @@ spec: kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. + username: + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -408,12 +329,12 @@ spec: type: object x-kubernetes-map-type: atomic type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file - for the targets. + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. properties: key: description: The key of the secret to select from. Must @@ -433,61 +354,1377 @@ spec: - key type: object x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. type: string - type: object - to: - description: The email address to send notifications to. + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: The template of the message's body. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + title: + description: The template of the message's title. + type: string + required: + - apiURL + type: object + type: array + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password + to use for authentication. The secret needs to be in + the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: The secret's key that contains the CRAM-MD5 + secret. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. + Overrides any headers previously set by the notification + implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does + not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through which emails + are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + msteamsConfigs: + description: List of MSTeams configurations. It requires Alertmanager + >= 0.26.0. + items: + description: MSTeamsConfig configures notifications via Microsoft + Teams. It requires Alertmanager >= 0.26.0. + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: '`password` specifies a key of a + Secret containing the password for authentication.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a + Secret containing the username for authentication.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + text: + description: Message body template. + type: string + title: + description: Message title template. + type: string + webhookUrl: + description: MSTeams webhook URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - webhookUrl + type: object + type: array + name: + description: Name of the receiver. Must be unique across all + items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions that will + be available for the alert. + type: string + apiKey: + description: The secret's key that contains the OpsGenie + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide + further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be used to specify + which domain alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: '`password` specifies a key of a + Secret containing the password for authentication.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a + Secret containing the username for authentication.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' + type: object + scopes: + description: '`scopes` defines the OAuth2 scopes + used for the token request.' + items: + type: string + type: array + tokenUrl: + description: '`tokenURL` configures the URL to + fetch the token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values + are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder + to an incident. One of `id`, `name` or `username` + has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to + the notifications. + type: string + updateAlerts: + description: Whether to update message and description + of the alert in OpsGenie if it already exists By default, + the alert is never updated in OpsGenie, the new message + only appears in activity log. + type: boolean type: object type: array - name: - description: Name of the receiver. Must be unique across all - items from the list. - minLength: 1 - type: string - opsgenieConfigs: - description: List of OpsGenie configurations. + pagerdutyConfigs: + description: List of PagerDuty configurations. items: - description: OpsGenieConfig configures notifications via OpsGenie. - See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + description: PagerDutyConfig configures notifications via + PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config properties: - actions: - description: Comma separated list of actions that will - be available for the alert. + class: + description: The class/type of the event. type: string - apiKey: - description: The secret's key that contains the OpsGenie - API key. The secret needs to be in the same namespace - as the AlertmanagerConfig object and accessible by the - Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - apiURL: - description: The URL to send OpsGenie API requests to. + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system + that is broken. type: string description: description: Description of the incident. type: string details: - description: A set of arbitrary key/value pairs that provide - further detail about the incident. + description: Arbitrary key/value pairs that provide further + detail about the incident. items: description: KeyValue defines a (key, value) tuple. properties: @@ -503,9 +1740,8 @@ spec: - value type: object type: array - entity: - description: Optional field that can be used to specify - which domain alert is related to. + group: + description: A cluster or grouping of sources. type: string httpConfig: description: HTTP client configuration. @@ -517,8 +1753,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -539,8 +1776,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -549,8 +1787,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -571,8 +1809,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -617,6 +1855,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -626,8 +1865,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -675,8 +1915,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -699,17 +1939,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -724,8 +1965,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -773,8 +2014,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -852,107 +2093,123 @@ spec: type: string type: object type: object - message: - description: Alert text limited to 130 characters. - type: string - note: - description: Additional alert note. - type: string - priority: - description: Priority level of alert. Possible values - are P1, P2, P3, P4, and P5. - type: string - responders: - description: List of responders responsible for notifications. + pagerDutyImageConfigs: + description: A list of image details to attach that provide + further detail about an incident. items: - description: OpsGenieConfigResponder defines a responder - to an incident. One of `id`, `name` or `username` - has to be defined. + description: PagerDutyImageConfig attaches images to + an incident properties: - id: - description: ID of the responder. + alt: + description: Alt is the optional alternative text + for the image. type: string - name: - description: Name of the responder. + href: + description: Optional URL; makes the image a clickable + link. type: string - type: - description: Type of responder. - enum: - - team - - teams - - user - - escalation - - schedule - minLength: 1 + src: + description: Src of the image being attached to + the incident type: string - username: - description: Username of the responder. + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach that provide + further detail about an incident. + items: + description: PagerDutyLinkConfig attaches text links + to an incident + properties: + alt: + description: Text that describes the purpose of + the link, and can be used as the link's text. + type: string + href: + description: Href is the URL of the link to be attached type: string - required: - - type type: object type: array + routingKey: + description: The secret's key that contains the PagerDuty + integration key (when using Events API v2). Either this + field or `serviceKey` needs to be defined. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic sendResolved: description: Whether or not to notify about resolved alerts. type: boolean - source: - description: Backlink to the sender of the notification. - type: string - tags: - description: Comma separated list of tags attached to - the notifications. - type: string - updateAlerts: - description: Whether to update message and description - of the alert in OpsGenie if it already exists By default, - the alert is never updated in OpsGenie, the new message - only appears in activity log. - type: boolean - type: object - type: array - pagerdutyConfigs: - description: List of PagerDuty configurations. - items: - description: PagerDutyConfig configures notifications via - PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config - properties: - class: - description: The class/type of the event. - type: string - client: - description: Client identification. - type: string - clientURL: - description: Backlink to the sender of notification. + serviceKey: + description: The secret's key that contains the PagerDuty + service key (when using integration type "Prometheus"). + Either this field or `routingKey` needs to be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + severity: + description: Severity of the incident. type: string - component: - description: The part or component of the affected system - that is broken. + url: + description: The URL to send requests to. type: string - description: - description: Description of the incident. + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + device: + description: The name of a device to send the notification + to type: string - details: - description: Arbitrary key/value pairs that provide further - detail about the incident. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - group: - description: A cluster or grouping of sources. + expire: + description: How long your notification will continue + to be retried for, unless the user acknowledges the + notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string + html: + description: Whether notification message is HTML or plain + text. + type: boolean httpConfig: description: HTTP client configuration. properties: @@ -963,8 +2220,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -985,8 +2243,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -995,8 +2254,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -1017,8 +2276,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -1063,6 +2322,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -1072,8 +2332,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -1121,8 +2382,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -1145,17 +2406,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -1170,8 +2432,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -1219,8 +2481,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -1298,49 +2560,35 @@ spec: type: string type: object type: object - pagerDutyImageConfigs: - description: A list of image details to attach that provide - further detail about an incident. - items: - description: PagerDutyImageConfig attaches images to - an incident - properties: - alt: - description: Alt is the optional alternative text - for the image. - type: string - href: - description: Optional URL; makes the image a clickable - link. - type: string - src: - description: Src of the image being attached to - the incident - type: string - type: object - type: array - pagerDutyLinkConfigs: - description: A list of link details to attach that provide - further detail about an incident. - items: - description: PagerDutyLinkConfig attaches text links - to an incident - properties: - alt: - description: Text that describes the purpose of - the link, and can be used as the link's text. - type: string - href: - description: Href is the URL of the link to be attached - type: string - type: object - type: array - routingKey: - description: The secret's key that contains the PagerDuty - integration key (when using Events API v2). Either this - field or `serviceKey` needs to be defined. The secret - needs to be in the same namespace as the AlertmanagerConfig - object and accessible by the Prometheus Operator. + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send + the same notification to the user. Must be at least + 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by + device clients to override the user's default sound + choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered + application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. Either `token` or `tokenFile` is required. properties: key: description: The key of the secret to select from. Must @@ -1358,16 +2606,26 @@ spec: required: - key type: object - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - serviceKey: - description: The secret's key that contains the PagerDuty - service key (when using integration type "Prometheus"). - Either this field or `routingKey` needs to be defined. - The secret needs to be in the same namespace as the - AlertmanagerConfig object and accessible by the Prometheus - Operator. + x-kubernetes-map-type: atomic + tokenFile: + description: The token file that contains the registered + application's API token, see https://pushover.net/apps. + Either `token` or `tokenFile` is required. It requires + Alertmanager >= v0.26.0. + type: string + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise + just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient + user's user key. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. Either `userKey` or `userKeyFile` + is required. properties: key: description: The key of the secret to select from. Must @@ -1385,30 +2643,127 @@ spec: required: - key type: object - severity: - description: Severity of the incident. - type: string - url: - description: The URL to send requests to. + x-kubernetes-map-type: atomic + userKeyFile: + description: The user key file that contains the recipient + user's user key. Either `userKey` or `userKeyFile` is + required. It requires Alertmanager >= v0.26.0. type: string type: object type: array - pushoverConfigs: - description: List of Pushover configurations. + slackConfigs: + description: List of Slack configurations. items: - description: PushoverConfig configures notifications via Pushover. - See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + description: SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config properties: - expire: - description: How long your notification will continue - to be retried for, unless the user acknowledges the - notification. - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + actions: + description: A list of Slack actions that are sent with + each notification. + items: + description: SlackAction configures a single Slack action + that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields + and https://api.slack.com/docs/message-buttons for + more information. + properties: + confirm: + description: SlackConfirmationField protect users + from destructive actions or particularly distinguished + decisions by asking them to confirm their button + click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack + webhook URL. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + callbackId: + type: string + channel: + description: The channel or user to send notifications + to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with + each notification. + items: + description: SlackField configures a single Slack field + that is sent with each notification. Each field must + contain a title, value, and optionally, a boolean + value to indicate if the field is short enough to + be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields + for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: type: string - html: - description: Whether notification message is HTML or plain - text. - type: boolean httpConfig: description: HTTP client configuration. properties: @@ -1419,8 +2774,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -1441,8 +2797,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -1451,8 +2808,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -1473,8 +2830,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -1519,6 +2876,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -1528,8 +2886,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -1577,8 +2936,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -1601,17 +2960,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -1626,8 +2986,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -1675,8 +3035,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -1754,195 +3114,53 @@ spec: type: string type: object type: object - message: - description: Notification message. + iconEmoji: type: string - priority: - description: Priority, see https://pushover.net/api#priority + iconURL: type: string - retry: - description: How often the Pushover servers will send - the same notification to the user. Must be at least - 30 seconds. - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: type: string sendResolved: description: Whether or not to notify about resolved alerts. type: boolean - sound: - description: The name of one of the sounds supported by - device clients to override the user's default sound - choice + shortFields: + type: boolean + text: + type: string + thumbURL: type: string title: - description: Notification title. type: string - token: - description: The secret's key that contains the registered - application's API token, see https://pushover.net/apps. - The secret needs to be in the same namespace as the - AlertmanagerConfig object and accessible by the Prometheus - Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - url: - description: A supplementary URL shown alongside the message. + titleLink: type: string - urlTitle: - description: A title for supplementary URL, otherwise - just the URL is shown + username: type: string - userKey: - description: The secret's key that contains the recipient - user's user key. The secret needs to be in the same - namespace as the AlertmanagerConfig object and accessible - by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object type: object type: array - slackConfigs: - description: List of Slack configurations. + snsConfigs: + description: List of SNS configurations items: - description: SlackConfig configures notifications via Slack. - See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + description: SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs properties: - actions: - description: A list of Slack actions that are sent with - each notification. - items: - description: SlackAction configures a single Slack action - that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields - and https://api.slack.com/docs/message-buttons for - more information. - properties: - confirm: - description: SlackConfirmationField protect users - from destructive actions or particularly distinguished - decisions by asking them to confirm their button - click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields - for more information. - properties: - dismissText: - type: string - okText: - type: string - text: - minLength: 1 - type: string - title: - type: string - required: - - text - type: object - name: - type: string - style: - type: string - text: - minLength: 1 - type: string - type: - minLength: 1 - type: string - url: - type: string - value: - type: string - required: - - text - - type - type: object - type: array apiURL: - description: The secret's key that contains the Slack - webhook URL. The secret needs to be in the same namespace - as the AlertmanagerConfig object and accessible by the - Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - callbackId: - type: string - channel: - description: The channel or user to send notifications - to. - type: string - color: - type: string - fallback: - type: string - fields: - description: A list of Slack fields that are sent with - each notification. - items: - description: SlackField configures a single Slack field - that is sent with each notification. Each field must - contain a title, value, and optionally, a boolean - value to indicate if the field is short enough to - be displayed next to other fields designated as short. - See https://api.slack.com/docs/message-attachments#fields - for more information. - properties: - short: - type: boolean - title: - minLength: 1 - type: string - value: - minLength: 1 - type: string - required: - - title - - value - type: object - type: array - footer: + description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will + be used. type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object httpConfig: description: HTTP client configuration. properties: @@ -1953,8 +3171,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -1975,8 +3194,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -1985,8 +3205,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -2007,8 +3227,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -2053,6 +3273,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -2062,8 +3283,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -2111,8 +3333,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -2135,17 +3357,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -2160,8 +3383,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -2209,8 +3432,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -2288,53 +3511,144 @@ spec: type: string type: object type: object - iconEmoji: - type: string - iconURL: - type: string - imageURL: - type: string - linkNames: - type: boolean - mrkdwnIn: - items: - type: string - type: array - pretext: - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - shortFields: - type: boolean - text: - type: string - thumbURL: - type: string - title: + message: + description: The message content of the SNS notification. + type: string + phoneNumber: + description: Phone number if message is delivered via + SMS in E.164 format. If you don't specify this value, + you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature Verification 4 + signing process to sign requests. + properties: + accessKey: + description: AccessKey is the AWS API key. If not + specified, the environment variable `AWS_ACCESS_KEY_ID` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used + to authenticate. + type: string + region: + description: Region is the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS profile used + to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API secret. If not + specified, the environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message is delivered + to email endpoints. type: string - titleLink: + targetARN: + description: The mobile platform endpoint ARN if message + is delivered via mobile notifications. If you don't + specify this value, you must specify a value for the + topic_arn or PhoneNumber. type: string - username: + topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a + value for the PhoneNumber or TargetARN. type: string type: object type: array - snsConfigs: - description: List of SNS configurations + telegramConfigs: + description: List of Telegram configurations. items: - description: SNSConfig configures notifications via AWS SNS. - See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + description: TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config properties: apiURL: - description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. - If not specified, the SNS API URL from the SNS SDK will - be used. + description: The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. type: string - attributes: - additionalProperties: - type: string - description: SNS message attributes. + botToken: + description: "Telegram bot token. It is mutually exclusive + with `botTokenFile`. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. \n Either `botToken` or + `botTokenFile` is required." + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key type: object + x-kubernetes-map-type: atomic + botTokenFile: + description: "File to read the Telegram bot token from. + It is mutually exclusive with `botToken`. Either `botToken` + or `botTokenFile` is required. \n It requires Alertmanager + >= v0.26.0." + type: string + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean httpConfig: description: HTTP client configuration. properties: @@ -2345,8 +3659,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -2367,8 +3682,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -2377,8 +3693,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -2399,8 +3715,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -2445,6 +3761,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -2454,8 +3771,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -2503,8 +3821,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -2527,17 +3845,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -2552,8 +3871,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -2601,8 +3920,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -2681,136 +4000,74 @@ spec: type: object type: object message: - description: The message content of the SNS notification. + description: Message template type: string - phoneNumber: - description: Phone number if message is delivered via - SMS in E.164 format. If you don't specify this value, - you must specify a value for the TopicARN or TargetARN. + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML type: string sendResolved: - description: Whether or not to notify about resolved alerts. + description: Whether to notify about resolved alerts. type: boolean - sigv4: - description: Configures AWS's Signature Verification 4 - signing process to sign requests. + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via + VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key + to use when talking to the VictorOps API. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. properties: - accessKey: - description: AccessKey is the AWS API key. If blank, - the environment variable `AWS_ACCESS_KEY_ID` is - used. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - profile: - description: Profile is the named AWS profile used - to authenticate. - type: string - region: - description: Region is the AWS region. If blank, the - region from the default credentials chain used. + key: + description: The key of the secret to select from. Must + be a valid secret key. type: string - roleArn: - description: RoleArn is the named AWS profile used - to authenticate. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string - secretKey: - description: SecretKey is the AWS API secret. If blank, - the environment variable `AWS_SECRET_ACCESS_KEY` - is used. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key type: object - subject: - description: Subject line when the message is delivered - to email endpoints. - type: string - targetARN: - description: The mobile platform endpoint ARN if message - is delivered via mobile notifications. If you don't - specify this value, you must specify a value for the - topic_arn or PhoneNumber. - type: string - topicARN: - description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic - If you don't specify this value, you must specify a - value for the PhoneNumber or TargetARN. + x-kubernetes-map-type: atomic + apiUrl: + description: The VictorOps API URL. type: string - type: object - type: array - telegramConfigs: - description: List of Telegram configurations. - items: - description: TelegramConfig configures notifications via Telegram. - See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config - properties: - apiURL: - description: The Telegram API URL i.e. https://api.telegram.org. - If not specified, default API URL will be used. + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. type: string - botToken: - description: Telegram bot token The secret needs to be - in the same namespace as the AlertmanagerConfig object - and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - chatID: - description: The Telegram chat ID. - format: int64 - type: integer - disableNotifications: - description: Disable telegram notifications - type: boolean httpConfig: - description: HTTP client configuration. + description: The HTTP client's configuration. properties: authorization: description: Authorization header configuration for @@ -2819,8 +4076,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -2841,8 +4099,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -2851,8 +4110,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -2873,8 +4132,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -2919,6 +4178,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -2928,8 +4188,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -2977,8 +4238,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -3001,17 +4262,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -3026,8 +4288,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -3075,8 +4337,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -3154,74 +4416,41 @@ spec: type: string type: object type: object - message: - description: Message template + messageType: + description: Describes the behavior of the alert (CRITICAL, + WARNING, INFO). type: string - parseMode: - description: Parse mode for telegram message - enum: - - MarkdownV2 - - Markdown - - HTML + monitoringTool: + description: The monitoring tool the state message is + from. + type: string + routingKey: + description: A key used to map the alert to a team. type: string sendResolved: - description: Whether to notify about resolved alerts. + description: Whether or not to notify about resolved alerts. type: boolean + stateMessage: + description: Contains long explanation of the alerted + problem. + type: string type: object type: array - victoropsConfigs: - description: List of VictorOps configurations. + webexConfigs: + description: List of Webex configurations. items: - description: VictorOpsConfig configures notifications via - VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + description: WebexConfig configures notification via Cisco + Webex See https://prometheus.io/docs/alerting/latest/configuration/#webex_config properties: - apiKey: - description: The secret's key that contains the API key - to use when talking to the VictorOps API. The secret - needs to be in the same namespace as the AlertmanagerConfig - object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - apiUrl: - description: The VictorOps API URL. - type: string - customFields: - description: Additional custom fields for notification. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - entityDisplayName: - description: Contains summary of the alerted problem. + apiURL: + description: The Webex Teams API URL i.e. https://webexapis.com/v1/messages + Provide if different from the default API URL. + pattern: ^https?://.+$ type: string httpConfig: - description: The HTTP client's configuration. + description: The HTTP client's configuration. You must + supply the bot token via the `httpConfig.authorization` + field. properties: authorization: description: Authorization header configuration for @@ -3230,8 +4459,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -3252,8 +4482,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -3262,8 +4493,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -3284,8 +4515,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -3330,6 +4561,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -3339,8 +4571,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -3388,8 +4621,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -3412,17 +4645,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -3437,8 +4671,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -3486,8 +4720,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -3565,24 +4799,19 @@ spec: type: string type: object type: object - messageType: - description: Describes the behavior of the alert (CRITICAL, - WARNING, INFO). - type: string - monitoringTool: - description: The monitoring tool the state message is - from. + message: + description: Message template type: string - routingKey: - description: A key used to map the alert to a team. + roomID: + description: ID of the Webex Teams room where to send + the messages. + minLength: 1 type: string sendResolved: - description: Whether or not to notify about resolved alerts. + description: Whether to notify about resolved alerts. type: boolean - stateMessage: - description: Contains long explanation of the alerted - problem. - type: string + required: + - roomID type: object type: array webhookConfigs: @@ -3601,8 +4830,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -3623,8 +4853,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -3633,8 +4864,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -3655,8 +4886,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -3701,6 +4932,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -3710,8 +4942,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -3759,8 +4992,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -3783,17 +5016,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -3808,8 +5042,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -3857,8 +5091,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -3974,6 +5208,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object type: array wechatConfigs: @@ -4006,6 +5241,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic apiURL: description: The WeChat API URL. type: string @@ -4022,8 +5258,9 @@ spec: v0.22+. properties: credentials: - description: The secret's key that contains the - credentials of the request + description: Selects a key of a Secret in the + namespace that contains the credentials for + authentication. properties: key: description: The key of the secret to select @@ -4044,8 +5281,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. + The value is case-insensitive. \n \"Basic\" + is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -4054,8 +5292,8 @@ spec: BasicAuth takes precedence. properties: password: - description: The secret in the service monitor - namespace that contains the password for authentication. + description: '`password` specifies a key of a + Secret containing the password for authentication.' properties: key: description: The key of the secret to select @@ -4076,8 +5314,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor - namespace that contains the username for authentication. + description: '`username` specifies a key of a + Secret containing the username for authentication.' properties: key: description: The key of the secret to select @@ -4122,6 +5360,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic followRedirects: description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. @@ -4131,8 +5370,9 @@ spec: a token for the targets. properties: clientId: - description: The secret or configmap containing - the OAuth2 client id + description: '`clientId` specifies a key of a + Secret or ConfigMap containing the OAuth2 client''s + ID.' properties: configMap: description: ConfigMap containing data to @@ -4180,8 +5420,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 - client secret + description: '`clientSecret` specifies a key of + a Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select @@ -4204,17 +5444,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token - URL + description: '`endpointParams` configures the + HTTP parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token - request + description: '`scopes` defines the OAuth2 scopes + used for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to + fetch the token from.' minLength: 1 type: string required: @@ -4229,8 +5470,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -4278,8 +5519,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -4383,6 +5624,12 @@ spec: the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval + names when this route should be active. + items: + type: string + type: array continue: description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden @@ -4428,9 +5675,9 @@ spec: minLength: 1 type: string regex: - description: Whether to match on equality (false) or regular-expression - (true). Deprecated as of AlertManager >= v0.22.0 where - a user should use MatchType instead. + description: 'Whether to match on equality (false) or regular-expression + (true). Deprecated: for AlertManager >= v0.22.0, `matchType` + should be used instead.' type: boolean value: description: Label value to match. @@ -4478,8 +5725,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -4503,6 +5750,16 @@ spec: jsonPath: .spec.replicas name: Replicas type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date @@ -5366,6 +6623,22 @@ spec: type: array type: object type: object + alertmanagerConfigMatcherStrategy: + description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig + objects match the alerts. In the future more options may be added. + properties: + type: + default: OnNamespace + description: If set to `OnNamespace`, the operator injects a label + matcher matching the namespace of the AlertmanagerConfig object + for all its routes and inhibition rules. `None` will not add + any additional matchers other than the ones specified in the + AlertmanagerConfig. Default is `OnNamespace`. + enum: + - OnNamespace + - None + type: string + type: object alertmanagerConfigNamespaceSelector: description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. @@ -5476,8 +6749,8 @@ spec: is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials - of the request + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -5498,8 +6771,9 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults - to Bearer, Basic will cause an error + description: "Defines the authentication type. The + value is case-insensitive. \n \"Basic\" is not a + supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -5508,8 +6782,8 @@ spec: takes precedence. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: '`password` specifies a key of a Secret + containing the password for authentication.' properties: key: description: The key of the secret to select from. Must @@ -5530,8 +6804,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: '`username` specifies a key of a Secret + containing the username for authentication.' properties: key: description: The key of the secret to select from. Must @@ -5584,8 +6858,8 @@ spec: token for the targets. properties: clientId: - description: The secret or configmap containing the - OAuth2 client id + description: '`clientId` specifies a key of a Secret + or ConfigMap containing the OAuth2 client''s ID.' properties: configMap: description: ConfigMap containing data to use @@ -5632,8 +6906,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret + description: '`clientSecret` specifies a key of a + Secret containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select from. Must @@ -5656,15 +6930,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL + description: '`endpointParams` configures the HTTP + parameters to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token request + description: '`scopes` defines the OAuth2 scopes used + for the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to fetch + the token from.' minLength: 1 type: string required: @@ -5679,8 +6956,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to use - for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to use @@ -5727,8 +7004,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file - for the targets. + description: Client certificate to present when doing + client-authentication. properties: configMap: description: ConfigMap containing data to use @@ -5804,14 +7081,156 @@ spec: type: string type: object type: object - resolveTimeout: - description: ResolveTimeout is the default value used by alertmanager - if the alert does not include EndsAt, after this time passes - it can declare the alert as resolved if it has not been - updated. This has no impact on alerts from Prometheus, as - they always include EndsAt. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string + opsGenieApiKey: + description: The default OpsGenie API Key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + opsGenieApiUrl: + description: The default OpsGenie API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + pagerdutyUrl: + description: The default Pagerduty URL. + type: string + resolveTimeout: + description: ResolveTimeout is the default value used by alertmanager + if the alert does not include EndsAt, after this time passes + it can declare the alert as resolved if it has not been + updated. This has no impact on alerts from Prometheus, as + they always include EndsAt. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + slackApiUrl: + description: The default Slack API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + smtp: + description: Configures global SMTP parameters. + properties: + authIdentity: + description: SMTP Auth using PLAIN + type: string + authPassword: + description: SMTP Auth using LOGIN and PLAIN. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: SMTP Auth using CRAM-MD5. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: SMTP Auth using CRAM-MD5, LOGIN and PLAIN. + If empty, Alertmanager doesn't authenticate to the SMTP + server. + type: string + from: + description: The default SMTP From header field. + type: string + hello: + description: The default hostname to identify to the SMTP + server. + type: string + requireTLS: + description: The default SMTP TLS requirement. Note that + Go does not support unencrypted connections to remote + SMTP endpoints. + type: boolean + smartHost: + description: The default SMTP smarthost used for sending + emails. + properties: + host: + description: Defines the host's address, it can be + a DNS name or a literal IP address. + minLength: 1 + type: string + port: + description: Defines the host's port, it can be a + literal port number or a port name. + minLength: 1 + type: string + required: + - host + - port + type: object + type: object type: object name: description: The name of the AlertmanagerConfig resource which @@ -5867,9 +7286,15 @@ spec: type: object type: array type: object + automountServiceAccountToken: + description: 'AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted in the pod. If the + service account has `automountServiceAccountToken: true`, set the + field to `false` to opt out of automounting API credentials.' + type: boolean baseImage: description: 'Base image that is used to deploy pods, without tag. - Deprecated: use ''image'' instead' + Deprecated: use ''image'' instead.' type: string clusterAdvertiseAddress: description: 'ClusterAdvertiseAddress is the explicit address to advertise @@ -5880,6 +7305,13 @@ spec: description: Interval between gossip attempts. pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + clusterLabel: + description: Defines the identifier that uniquely identifies the Alertmanager + cluster. You should only set it when the Alertmanager cluster includes + Alertmanager instances which are external to this Alertmanager resource. + In practice, the addresses of the external instances are provided + via the `.spec.additionalPeers` field. + type: string clusterPeerTimeout: description: Timeout for cluster peering. pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ @@ -5904,10 +7336,11 @@ spec: for this Alertmanager instance. If empty, it defaults to `alertmanager-`. \n The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret - are copied to the generated secret. \n If either the secret or the - `alertmanager.yaml` key is missing, the operator provisions an Alertmanager - configuration with one empty receiver (effectively dropping alert - notifications)." + are copied to the generated secret and mounted into the `/etc/alertmanager/config` + directory in the `alertmanager` container. \n If either the secret + or the `alertmanager.yaml` key is missing, the operator provisions + a minimal Alertmanager configuration with one empty receiver (effectively + dropping alert notifications)." type: string containers: description: 'Containers allows injecting additional containers. This @@ -6168,7 +7601,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -6264,7 +7699,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -6344,8 +7781,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -6377,7 +7812,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -6546,8 +7983,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -6579,7 +8014,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -6668,10 +8105,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6692,10 +8171,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -6817,8 +8315,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -6851,16 +8349,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -6906,8 +8400,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -6939,7 +8431,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -7178,6 +8672,16 @@ spec: to ensure the Prometheus Operator knows what version of Alertmanager is being configured. type: string + imagePullPolicy: + description: Image pull policy for the 'alertmanager', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string imagePullSecrets: description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images @@ -7199,10 +8703,12 @@ spec: into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching - is entirely outside the scope of what the maintainers will support - and by doing so, you accept that this behaviour may break at any - time without notice.' + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. The current init container name is: + `init-config-reloader`. Overriding init containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice.' items: description: A single application container that you want to run within a pod. @@ -7453,7 +8959,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -7549,7 +9057,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -7629,8 +9139,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -7662,7 +9170,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -7831,8 +9341,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -7864,7 +9372,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -7953,10 +9463,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7977,10 +9529,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -8102,8 +9673,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -8136,16 +9707,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -8191,8 +9758,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -8224,7 +9789,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -8449,8 +10016,9 @@ spec: description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available - as soon as it is ready) This is an alpha field and requires enabling - StatefulSetMinReadySeconds feature gate. + as soon as it is ready) This is an alpha field from kubernetes 1.22 + until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate. format: int32 type: integer nodeSelector: @@ -8463,8 +10031,15 @@ spec: objects are not goint to be performed, except for delete actions. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to the alertmanager pods. + description: "PodMetadata configures labels and annotations which + are propagated to the Alertmanager pods. \n The following items + are reserved and cannot be overridden: * \"alertmanager\" label, + set to the name of the Alertmanager instance. * \"app.kubernetes.io/instance\" + label, set to the name of the Alertmanager instance. * \"app.kubernetes.io/managed-by\" + label, set to \"prometheus-operator\". * \"app.kubernetes.io/name\" + label, set to \"alertmanager\". * \"app.kubernetes.io/version\" + label, set to the Alertmanager version. * \"kubectl.kubernetes.io/default-container\" + annotation, set to \"alertmanager\"." properties: annotations: additionalProperties: @@ -8491,8 +10066,9 @@ spec: type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to web + default: web + description: Port name used for the pods and governing service. Defaults + to `web`. type: string priorityClassName: description: Priority class assigned to the Pods @@ -8506,6 +10082,27 @@ spec: resources: description: Define resources requests and limits for single Pods. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8526,7 +10123,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object retention: @@ -8639,7 +10237,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -8653,9 +10252,14 @@ spec: type: object supplementalGroups: description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. Note - that this field cannot be set when spec.os.name is windows. + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. items: format: int64 type: integer @@ -8698,14 +10302,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -8724,7 +10325,7 @@ spec: description: 'SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag - are ignored if SHA is set. Deprecated: use ''image'' instead. The + are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' type: string storage: @@ -8732,13 +10333,12 @@ spec: by the Alertmanager instances. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default - in a future release, this option will become unnecessary. DisableMountSubPath - allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be removed in a future + release.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: @@ -8757,13 +10357,13 @@ spec: medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the Prometheus - StatefulSets. This is a beta field in k8s 1.21, for lower versions, + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: @@ -8811,9 +10411,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -8838,27 +10441,33 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed if - the type of the specified object matches some installed - volume populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, - they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will - be set to the same value automatically if one of - them is empty and the other is non-empty. There - are two important differences between DataSource - and DataSourceRef: * While DataSource only allows - two specific types of objects, DataSourceRef allows + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -8875,11 +10484,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -8888,6 +10507,30 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -8909,8 +10552,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -8981,7 +10624,10 @@ spec: type: object type: object volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. + description: Defines the PVC spec to be used by the Prometheus + StatefulSets. The easiest way to use a volume that cannot be + automatically provisioned is to use a label selector alongside + manually created PersistentVolumes. properties: apiVersion: description: 'APIVersion defines the versioned schema of this @@ -9026,8 +10672,8 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: description: 'accessModes contains the desired access @@ -9041,9 +10687,12 @@ spec: * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the - contents of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always have - the same contents as the DataSourceRef field.' + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -9065,24 +10714,31 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object from - a non-empty API group (non core object) or a PersistentVolumeClaim + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource + This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will be set - to the same value automatically if one of them is empty - and the other is non-empty. There are two important - differences between DataSource and DataSourceRef: * - While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well as - PersistentVolumeClaim objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed value - is specified. (Beta) Using this field requires the AnyVolumeDataSource + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -9097,11 +10753,20 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -9110,6 +10775,30 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -9131,7 +10820,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -9196,8 +10886,7 @@ spec: type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Deprecated: this field is never set.' properties: accessModes: description: 'accessModes contains the actual access modes @@ -9205,6 +10894,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -9212,19 +10946,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -9241,7 +10987,7 @@ spec: volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: @@ -9279,20 +11025,13 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object tag: description: 'Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is - set. Deprecated: use ''image'' instead. The image tag can be specified + set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' type: string tolerations: @@ -9389,14 +11128,18 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the incoming - pod labels will be ignored. A null or empty list means only - match against labelSelector. + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -9453,8 +11196,8 @@ spec: are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor - policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how we will treat node @@ -9463,8 +11206,8 @@ spec: for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that @@ -9937,7 +11680,7 @@ spec: medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -10005,9 +11748,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -10033,27 +11779,35 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API group (non core - object) or a PersistentVolumeClaim object. When - this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as such if both fields are + dataSource field and as such if both fields are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef - preserves all values, and generates an error if - a disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource feature - gate to be enabled.' + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -10070,11 +11824,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -10083,6 +11847,31 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -10104,8 +11893,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -11066,6 +12855,12 @@ spec: web: description: Defines the web command line flags when starting Alertmanager. properties: + getConcurrency: + description: Maximum number of GET requests processed concurrently. + This corresponds to the Alertmanager's `--web.get-concurrency` + flag. + format: int32 + type: integer httpConfig: description: Defines HTTP parameters for web server. properties: @@ -11113,6 +12908,11 @@ spec: a rolling update will be triggered. type: boolean type: object + timeout: + description: Timeout for HTTP requests. This corresponds to the + Alertmanager's `--web.timeout` flag. + format: int32 + type: integer tlsConfig: description: Defines the TLS parameters for HTTPS. properties: @@ -11266,31 +13066,71 @@ spec: type: object status: description: 'Most recent observed status of the Alertmanager cluster. - Read-only. Not included when requesting from the apiserver, only from - the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. format: int32 type: integer + conditions: + description: The current state of the Alertmanager object. + items: + description: Condition represents the state of the resources associated + with the Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: Human-readable message indicating details for the + condition's last transition. + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if `.metadata.generation` + is currently 12, but the `.status.conditions[].observedGeneration` + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition being reported. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map paused: description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. type: boolean replicas: description: Total number of non-terminated pods targeted by this - Alertmanager cluster (their labels match the selector). + Alertmanager object (their labels match the selector). format: int32 type: integer unavailableReplicas: description: Total number of unavailable pods targeted by this Alertmanager - cluster. + object. format: int32 type: integer updatedReplicas: description: Total number of non-terminated pods targeted by this - Alertmanager cluster that have the desired version spec. + Alertmanager object that have the desired version spec. format: int32 type: integer required: @@ -11305,14 +13145,15 @@ spec: type: object served: true storage: true - subresources: {} + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11376,17 +13217,16 @@ spec: cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalAlertManagerConfigs: - description: 'AdditionalAlertManagerConfigs allows specifying a key - of a Secret containing additional Prometheus AlertManager configurations. - AlertManager configurations specified are appended to the configurations - generated by the Prometheus Operator. Job configurations specified - must have the form as specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. - As AlertManager configs are appended, the user is responsible to - make sure it is valid. Note that using this feature may expose the - possibility to break upgrades of Prometheus. It is advised to review - Prometheus release notes to ensure that no incompatible AlertManager - configs are going to break Prometheus after the upgrade.' + description: "AdditionalAlertManagerConfigs specifies a key of a Secret + containing additional Prometheus Alertmanager configurations. The + Alertmanager configurations are appended to the configuration generated + by the Prometheus Operator. They must be formatted according to + the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config + \n The user is responsible for making sure that the configurations + are valid \n Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade." properties: key: description: The key of the secret to select from. Must be a @@ -11404,17 +13244,16 @@ spec: type: object x-kubernetes-map-type: atomic additionalAlertRelabelConfigs: - description: 'AdditionalAlertRelabelConfigs allows specifying a key - of a Secret containing additional Prometheus alert relabel configurations. - Alert relabel configurations specified are appended to the configurations - generated by the Prometheus Operator. Alert relabel configurations - specified must have the form as specified in the official Prometheus - documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. - As alert relabel configs are appended, the user is responsible to - make sure it is valid. Note that using this feature may expose the - possibility to break upgrades of Prometheus. It is advised to review - Prometheus release notes to ensure that no incompatible alert relabel - configs are going to break Prometheus after the upgrade.' + description: "AdditionalAlertRelabelConfigs specifies a key of a Secret + containing additional Prometheus alert relabel configurations. The + alert relabel configurations are appended to the configuration generated + by the Prometheus Operator. They must be formatted according to + the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs + \n The user is responsible for making sure that the configurations + are valid \n Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible alert relabel configs + are going to break Prometheus after the upgrade." properties: key: description: The key of the secret to select from. Must be a @@ -11432,15 +13271,15 @@ spec: type: object x-kubernetes-map-type: atomic additionalArgs: - description: AdditionalArgs allows setting additional arguments for - the Prometheus container. It is intended for e.g. activating hidden - flags which are not supported by the dedicated configuration options - yet. The arguments are passed as-is to the Prometheus container + description: "AdditionalArgs allows setting additional arguments for + the 'prometheus' container. \n It is intended for e.g. activating + hidden flags which are not supported by the dedicated configuration + options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the - given Prometheus version. In case of an argument conflict (e.g. + given Prometheus version. \n In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when - providing an invalid argument the reconciliation will fail and an - error will be logged. + providing an invalid argument, the reconciliation will fail and + an error will be logged." items: description: Argument as part of the AdditionalArgs list. properties: @@ -11485,7 +13324,7 @@ spec: type: object x-kubernetes-map-type: atomic affinity: - description: If specified, the pod's scheduling constraints. + description: Defines the Pods' affinity scheduling rules if specified. properties: nodeAffinity: description: Describes node affinity scheduling rules for the @@ -12313,14 +14152,14 @@ spec: type: object type: object alerting: - description: Define details regarding alerting. + description: Defines the settings related to Alertmanager. properties: alertmanagers: description: AlertmanagerEndpoints Prometheus should fire alerts against. items: description: AlertmanagerEndpoints defines a selection of a - single Endpoints object containing alertmanager IPs to fire + single Endpoints object containing Alertmanager IPs to fire alerts against. properties: apiVersion: @@ -12328,12 +14167,13 @@ spec: uses to send alerts. It can be "v1" or "v2". type: string authorization: - description: Authorization section for this alertmanager - endpoint + description: "Authorization section for Alertmanager. \n + Cannot be set at the same time as `basicAuth`, `bearerTokenFile` + or `sigv4`." properties: credentials: - description: The secret's key that contains the credentials - of the request + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -12353,19 +14193,73 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to - Bearer, Basic will cause an error + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported + value. \n Default: \"Bearer\"" type: string type: object + basicAuth: + description: "BasicAuth configuration for Alertmanager. + \n Cannot be set at the same time as `bearerTokenFile`, + `authorization` or `sigv4`." + properties: + password: + description: '`password` specifies a key of a Secret + containing the password for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: '`username` specifies a key of a Secret + containing the username for authentication.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object bearerTokenFile: - description: BearerTokenFile to read from filesystem to - use when authenticating to Alertmanager. + description: "File to read bearer token for Alertmanager. + \n Cannot be set at the same time as `basicAuth`, `authorization`, + or `sigv4`. \n Deprecated: this will be removed in a future + release. Prefer using `authorization`." type: string + enableHttp2: + description: Whether to enable HTTP2. + type: boolean name: - description: Name of Endpoints object in Namespace. + description: Name of the Endpoints object in the namespace. type: string namespace: - description: Namespace of Endpoints object. + description: Namespace of the Endpoints object. type: string pathPrefix: description: Prefix for the HTTP path alerts are pushed @@ -12375,22 +14269,84 @@ spec: anyOf: - type: integer - type: string - description: Port the Alertmanager API is exposed on. + description: Port on which the Alertmanager API is exposed. x-kubernetes-int-or-string: true scheme: description: Scheme to use when firing alerts. type: string + sigv4: + description: "Sigv4 allows to configures AWS's Signature + Verification 4 for the URL. \n It requires Prometheus + >= v2.48.0. \n Cannot be set at the same time as `basicAuth`, + `bearerTokenFile` or `authorization`." + properties: + accessKey: + description: AccessKey is the AWS API key. If not specified, + the environment variable `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used to + authenticate. + type: string + region: + description: Region is the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS profile used to + authenticate. + type: string + secretKey: + description: SecretKey is the AWS API secret. If not + specified, the environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object timeout: description: Timeout is a per-target Alertmanager timeout when pushing alerts. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: - description: TLS Config to use for alertmanager connection. + description: TLS Config to use for Alertmanager. properties: ca: - description: Struct containing the CA cert to use for - the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to use for @@ -12441,8 +14397,8 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file - for the targets. + description: Client certificate to present when doing + client-authentication. properties: configMap: description: ConfigMap containing data to use for @@ -12534,22 +14490,24 @@ spec: - alertmanagers type: object allowOverlappingBlocks: - description: AllowOverlappingBlocks enables vertical compaction and - vertical query merge in Prometheus. This is still experimental in - Prometheus so it may change in any upcoming release. + description: "AllowOverlappingBlocks enables vertical compaction and + vertical query merge in Prometheus. \n Deprecated: this flag has + no effect for Prometheus >= 2.39.0 where overlapping blocks are + enabled by default." type: boolean apiserverConfig: - description: APIServerConfig allows specifying a host and auth methods - to access apiserver. If left empty, Prometheus is assumed to run - inside of the cluster and will discover API servers automatically - and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + description: 'APIServerConfig allows specifying a host and auth methods + to access the Kuberntees API server. If null, Prometheus is assumed + to run inside of the cluster: it will discover the API servers automatically + and use the Pod''s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.' properties: authorization: - description: Authorization section for accessing apiserver + description: "Authorization section for the API server. \n Cannot + be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`." properties: credentials: - description: The secret's key that contains the credentials - of the request + description: Selects a key of a Secret in the namespace that + contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -12569,20 +14527,22 @@ spec: x-kubernetes-map-type: atomic credentialsFile: description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) + with `credentials`. type: string type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error + description: "Defines the authentication type. The value is + case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" type: string type: object basicAuth: - description: BasicAuth allow an endpoint to authenticate over - basic authentication + description: "BasicAuth configuration for the API server. \n Cannot + be set at the same time as `authorization`, `bearerToken`, or + `bearerTokenFile`." properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. + description: '`password` specifies a key of a Secret containing + the password for authentication.' properties: key: description: The key of the secret to select from. Must @@ -12601,8 +14561,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. + description: '`username` specifies a key of a Secret containing + the username for authentication.' properties: key: description: The key of the secret to select from. Must @@ -12622,21 +14582,26 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for accessing apiserver. + description: "*Warning: this field shouldn't be used because the + token value appears in clear-text. Prefer using `authorization`.* + \n Deprecated: this will be removed in a future release." type: string bearerTokenFile: - description: File to read bearer token for accessing apiserver. + description: "File to read bearer token for accessing apiserver. + \n Cannot be set at the same time as `basicAuth`, `authorization`, + or `bearerToken`. \n Deprecated: this will be removed in a future + release. Prefer using `authorization`." type: string host: - description: Host of apiserver. A valid string consisting of a - hostname or IP followed by an optional port number + description: Kubernetes API address consisting of a hostname or + IP address followed by an optional port number. type: string tlsConfig: - description: TLS Config to use for accessing apiserver. + description: TLS Config to use for the API server. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -12684,8 +14649,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for the - targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -12767,16 +14731,25 @@ spec: - host type: object arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a service monitor can access arbitrary files on the file - system of the Prometheus container e.g. bearer token files. + description: When true, ServiceMonitor, PodMonitor and Probe object + are forbidden to reference arbitrary files on the file system of + the 'prometheus' container. When a ServiceMonitor's endpoint specifies + a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), + a malicious target can get access to the Prometheus service account's + token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` + to 'true' would prevent the attack. Users should instead provide + the credentials using the `spec.bearerTokenSecret` field. properties: deny: type: boolean type: object baseImage: - description: 'Base image to use for a Prometheus deployment. Deprecated: - use ''image'' instead' + description: 'Deprecated: use ''spec.image'' instead.' + type: string + bodySizeLimit: + description: BodySizeLimit defines per-scrape on response body size. + Only valid in Prometheus versions 2.45.0 and newer. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string configMaps: description: ConfigMaps is a list of ConfigMaps in the same namespace @@ -12787,18 +14760,18 @@ spec: container. items: type: string - type: array - containers: - description: 'Containers allows injecting additional containers or - modifying operator generated containers. This can be used to allow - adding an authentication proxy to a Prometheus pod or to change - the behavior of an operator generated container. Containers described - here modify an operator generated container if they share the same - name and modifications are done via a strategic merge patch. The - current container names are: `prometheus`, `config-reloader`, and - `thanos-sidecar`. Overriding containers is entirely outside the - scope of what the maintainers will support and by doing so, you - accept that this behaviour may break at any time without notice.' + type: array + containers: + description: "Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to the Pods or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and + modifications are done via a strategic merge patch. \n The names + of containers managed by the operator are: * `prometheus` * `config-reloader` + * `thanos-sidecar` \n Overriding containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice." items: description: A single application container that you want to run within a pod. @@ -13049,7 +15022,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -13145,7 +15120,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -13225,8 +15202,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -13258,7 +15233,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -13427,8 +15404,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -13460,7 +15435,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -13549,10 +15526,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -13573,10 +15592,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -13698,8 +15736,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -13732,16 +15770,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -13787,8 +15821,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -13820,7 +15852,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -14021,105 +16055,118 @@ spec: type: object type: array disableCompaction: - description: Disable prometheus compaction. + description: When true, the Prometheus compaction is disabled. type: boolean enableAdminAPI: - description: 'Enable access to prometheus web admin API. Defaults - to the value of `false`. WARNING: Enabling the admin APIs enables - mutating endpoints, to delete data, shutdown Prometheus, and more. - Enabling this should be done with care and the user is advised to - add additional authentication authorization via a proxy to ensure - only clients authorized to perform these actions can do so. For - more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + description: "Enables access to the Prometheus web admin API. \n WARNING: + Enabling the admin APIs enables mutating endpoints, to delete data, + shutdown Prometheus, and more. Enabling this should be done with + care and the user is advised to add additional authentication authorization + via a proxy to ensure only clients authorized to perform these actions + can do so. \n For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" type: boolean enableFeatures: - description: Enable access to Prometheus disabled features. By default, - no features are enabled. Enabling disabled features is entirely - outside the scope of what the maintainers will support and by doing - so, you accept that this behaviour may break at any time without - notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + description: "Enable access to Prometheus feature flags. By default, + no features are enabled. \n Enabling features which are disabled + by default is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" items: type: string type: array enableRemoteWriteReceiver: - description: 'Enable Prometheus to be used as a receiver for the Prometheus - remote write protocol. Defaults to the value of `false`. WARNING: - This is not considered an efficient way of ingesting samples. Use - it with caution for specific low-volume use cases. It is not suitable - for replacing the ingestion via scraping and turning Prometheus - into a push-based metrics collection system. For more information - see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver - Only valid in Prometheus versions 2.33.0 and newer.' + description: "Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. \n WARNING: This is not considered an efficient + way of ingesting samples. Use it with caution for specific low-volume + use cases. It is not suitable for replacing the ingestion via scraping + and turning Prometheus into a push-based metrics collection system. + For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + \n It requires Prometheus >= v2.33.0." type: boolean enforcedBodySizeLimit: - description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed - response body that will be accepted by Prometheus. Targets responding - with a body larger than this many bytes will cause the scrape to - fail. Example: 100MB. If defined, the limit will apply to all service/pod - monitors and probes. This is an experimental feature, this behaviour - could change or be removed in the future. Only valid in Prometheus - versions 2.28.0 and newer.' + description: "When defined, enforcedBodySizeLimit specifies a global + limit on the size of uncompressed response body that will be accepted + by Prometheus. Targets responding with a body larger than this many + bytes will cause the scrape to fail. \n It requires Prometheus >= + v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string + enforcedKeepDroppedTargets: + description: "When defined, enforcedKeepDroppedTargets specifies a + global limit on the number of targets dropped by relabeling that + will be kept in memory. The value overrides any `spec.keepDroppedTargets` + set by ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` + is greater than zero and less than `spec.enforcedKeepDroppedTargets`. + \n It requires Prometheus >= v2.47.0." + format: int64 + type: integer enforcedLabelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. If more than this number of labels are present post - metric-relabeling, the entire scrape will be treated as failed. - 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When defined, enforcedLabelLimit specifies a global + limit on the number of labels per sample. The value overrides any + `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. + \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. If a label name is longer than this number - post metric-relabeling, the entire scrape will be treated as failed. - 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When defined, enforcedLabelNameLengthLimit specifies + a global limit on the length of labels name per sample. The value + overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is + greater than zero and less than `spec.enforcedLabelNameLengthLimit`. + \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. If a label value is longer than this number - post metric-relabeling, the entire scrape will be treated as failed. - 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When not null, enforcedLabelValueLengthLimit defines + a global limit on the length of labels value per sample. The value + overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, + PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is + greater than zero and less than `spec.enforcedLabelValueLengthLimit`. + \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedNamespaceLabel: - description: "EnforcedNamespaceLabel If set, a label will be added - to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` - and `Probe` objects) and 2. in all `PrometheusRule` objects (except - the ones excluded in `prometheusRulesExcludedFromEnforce`) to * - alerting & recording rules and * the metrics used in their expressions - (`expr`). \n Label name is this field's value. Label value is the - namespace of the created object (mentioned above)." + description: "When not empty, a label will be added to \n 1. All metrics + scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` + objects. 2. All metrics generated from recording rules defined in + `PrometheusRule` objects. 3. All alerts generated from alerting + rules defined in `PrometheusRule` objects. 4. All vector selectors + of PromQL expressions defined in `PrometheusRule` objects. \n The + label will not added for objects referenced in `spec.excludedFromEnforcement`. + \n The label's name is this field's value. The label's value is + the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or + `PrometheusRule` object." type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines global limit on number of - scraped samples that will be accepted. This overrides any SampleLimit - set per ServiceMonitor or/and PodMonitor. It is meant to be used - by admins to enforce the SampleLimit to keep overall number of samples/series - under the desired limit. Note that if SampleLimit is lower that - value will be taken instead. + description: "When defined, enforcedSampleLimit specifies a global + limit on the number of scraped samples that will be accepted. This + overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, + Probe objects unless `spec.sampleLimit` is greater than zero and + less than than `spec.enforcedSampleLimit`. \n It is meant to be + used by admins to keep the overall number of samples/series under + a desired limit." format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the number - of scraped targets. This overrides any TargetLimit set per ServiceMonitor - or/and PodMonitor. It is meant to be used by admins to enforce - the TargetLimit to keep the overall number of targets under the - desired limit. Note that if TargetLimit is lower, that value will - be taken instead, except if either value is zero, in which case - the non-zero value will be used. If both values are zero, no limit - is enforced. + description: "When defined, enforcedTargetLimit specifies a global + limit on the number of scraped targets. The value overrides any + `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects + unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. + \n It is meant to be used by admins to to keep the overall number + of targets under a desired limit." format: int64 type: integer evaluationInterval: default: 30s - description: 'Interval between consecutive evaluations. Default: `30s`' + description: 'Interval between rule evaluations. Default: "30s"' pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string excludedFromEnforcement: - description: List of references to PodMonitor, ServiceMonitor, Probe + description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace - label of origin. Applies only if enforcedNamespaceLabel set to true. + label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` + set to true." items: description: ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object. @@ -14133,7 +16180,7 @@ spec: type: string name: description: Name of the referent. When not set, all resources - are matched. + in the namespace are matched. type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' @@ -14146,6 +16193,7 @@ spec: - servicemonitors - podmonitors - probes + - scrapeconfigs type: string required: - namespace @@ -14154,12 +16202,15 @@ spec: type: array exemplars: description: Exemplars related settings that are runtime reloadable. - It requires to enable the exemplar storage feature to be effective. + It requires to enable the `exemplar-storage` feature flag to be + effective. properties: maxSize: - description: Maximum number of exemplars stored in memory for - all series. If not set, Prometheus uses its default value. A - value of zero or less than zero disables the storage. + description: "Maximum number of exemplars stored in memory for + all series. \n exemplar-storage itself must be enabled using + the `spec.enableFeature` option for exemplars to be scraped + in the first place. \n If not set, Prometheus uses its default + value. A value of zero or less than zero disables the storage." format: int64 type: integer type: object @@ -14168,14 +16219,17 @@ spec: type: string description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). + Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` + take precedence over this list. type: object externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. + description: The external URL under which the Prometheus service is + externally available. This is necessary to generate correct URLs + (for instance if Prometheus is accessible behind an Ingress resource). type: string hostAliases: - description: Pods' hostAliases configuration + description: Optional list of hosts and IPs that will be injected + into the Pod's hosts file if specified. items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. @@ -14197,27 +16251,40 @@ spec: - ip x-kubernetes-list-type: map hostNetwork: - description: Use the host's network namespace if true. Make sure to - understand the security implications if you want to enable it. When - hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet - automatically. + description: "Use the host's network namespace if true. \n Make sure + to understand the security implications if you want to enable it + (https://kubernetes.io/docs/concepts/configuration/overview/). \n + When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` + automatically." type: boolean ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector - settings from all PodMonitor, ServiceMonitor and Probe objects. - They will only discover endpoints within the namespace of the PodMonitor, - ServiceMonitor and Probe objects. Defaults to false. + description: When true, `spec.namespaceSelector` from all PodMonitor, + ServiceMonitor and Probe objects will be ignored. They will only + discover targets within the namespace of the PodMonitor, ServiceMonitor + and Probe object. type: boolean image: - description: Image if specified has precedence over baseImage, tag - and sha combinations. Specifying the version is still necessary - to ensure the Prometheus Operator knows what version of Prometheus - is being configured. + description: "Container image name for Prometheus. If specified, it + takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` + fields. \n Specifying `spec.version` is still necessary to ensure + the Prometheus Operator knows which version of Prometheus is being + configured. \n If neither `spec.image` nor `spec.baseImage` are + defined, the operator will use the latest upstream version of Prometheus + available at the time when the operator was released." + type: string + imagePullPolicy: + description: Image pull policy for the 'prometheus', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent type: string imagePullSecrets: - description: An optional list of references to secrets in the same - namespace to use for pulling prometheus and alertmanager images - from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to Secrets in the same + namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. @@ -14230,17 +16297,18 @@ spec: x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod - definition. Those can be used to e.g. fetch secrets for injection + description: "InitContainers allows injecting initContainers to the + Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done - via a strategic merge patch. The current init container name is: - `init-config-reloader`. Overriding init containers is entirely outside - the scope of what the maintainers will support and by doing so, - you accept that this behaviour may break at any time without notice.' + via a strategic merge patch. \n The names of init container name + managed by the operator are: * `init-config-reloader`. \n Overriding + init containers is entirely outside the scope of what the maintainers + will support and by doing so, you accept that this behaviour may + break at any time without notice." items: description: A single application container that you want to run within a pod. @@ -14491,7 +16559,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -14587,7 +16657,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -14667,8 +16739,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -14700,7 +16770,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -14869,8 +16941,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -14902,7 +16972,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -14991,10 +17063,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -15015,10 +17129,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -15140,8 +17273,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -15174,16 +17307,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -15229,8 +17358,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -15262,7 +17389,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -15462,19 +17591,43 @@ spec: - name type: object type: array + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.45.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.45.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.45.0 + and newer. + format: int64 + type: integer listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. + description: When true, the Prometheus server listens on the loopback + address instead of the Pod IP's address. type: boolean logFormat: - description: Log format for Prometheus to be configured with. + description: Log format for Log level for Prometheus and the config-reloader + sidecar. enum: - "" - logfmt - json type: string logLevel: - description: Log level for Prometheus to be configured with. + description: Log level for Prometheus and the config-reloader sidecar. enum: - "" - debug @@ -15482,18 +17635,28 @@ spec: - warn - error type: string + maximumStartupDurationSeconds: + description: Defines the maximum time that the `prometheus` container's + startup probe will wait before being considered failed. The startup + probe will return success after the WAL replay is complete. If set, + the value should be greater than 60 (seconds). Otherwise it will + be equal to 600 seconds (15 minutes). + format: int32 + minimum: 60 + type: integer minReadySeconds: - description: Minimum number of seconds for which a newly created pod - should be ready without any of its container crashing for it to - be considered available. Defaults to 0 (pod will be considered available - as soon as it is ready) This is an alpha field and requires enabling - StatefulSetMinReadySeconds feature gate. + description: "Minimum number of seconds for which a newly created + Pod should be ready without any of its container crashing for it + to be considered available. Defaults to 0 (pod will be considered + available as soon as it is ready) \n This is an alpha field from + kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate." format: int32 type: integer nodeSelector: additionalProperties: type: string - description: Define which Nodes the Pods are scheduled on. + description: Defines on which Nodes the Pods are scheduled. type: object overrideHonorLabels: description: When true, Prometheus resolves label conflicts by renaming @@ -15510,9 +17673,40 @@ spec: description: When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. type: boolean + persistentVolumeClaimRetentionPolicy: + description: The field controls if and how PVCs are deleted during + the lifecycle of a StatefulSet. The default behavior is all PVCs + are retained. This is an alpha field from kubernetes 1.23 until + 1.26 and a beta field from 1.26. It requires enabling the StatefulSetAutoDeletePVC + feature gate. + properties: + whenDeleted: + description: WhenDeleted specifies what happens to PVCs created + from StatefulSet VolumeClaimTemplates when the StatefulSet is + deleted. The default policy of `Retain` causes PVCs to not be + affected by StatefulSet deletion. The `Delete` policy causes + those PVCs to be deleted. + type: string + whenScaled: + description: WhenScaled specifies what happens to PVCs created + from StatefulSet VolumeClaimTemplates when the StatefulSet is + scaled down. The default policy of `Retain` causes PVCs to not + be affected by a scaledown. The `Delete` policy causes the associated + PVCs for any excess pods above the replica count to be deleted. + type: string + type: object podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to the prometheus pods. + description: "PodMetadata configures labels and annotations which + are propagated to the Prometheus pods. \n The following items are + reserved and cannot be overridden: * \"prometheus\" label, set to + the name of the Prometheus object. * \"app.kubernetes.io/instance\" + label, set to the name of the Prometheus object. * \"app.kubernetes.io/managed-by\" + label, set to \"prometheus-operator\". * \"app.kubernetes.io/name\" + label, set to \"prometheus\". * \"app.kubernetes.io/version\" label, + set to the Prometheus version. * \"operator.prometheus.io/name\" + label, set to the name of the Prometheus object. * \"operator.prometheus.io/shard\" + label, set to the shard number of the Prometheus object. * \"kubectl.kubernetes.io/default-container\" + annotation, set to \"prometheus\"." properties: annotations: additionalProperties: @@ -15539,8 +17733,9 @@ spec: type: string type: object podMonitorNamespaceSelector: - description: Namespace's labels to match for PodMonitor discovery. - If nil, only check own namespace. + description: Namespaces to match for PodMonitors discovery. An empty + label selector matches all namespaces. A null label selector matches + the current namespace only. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -15585,9 +17780,17 @@ spec: type: object x-kubernetes-map-type: atomic podMonitorSelector: - description: '*Experimental* PodMonitors to be selected for target - discovery. *Deprecated:* if neither this nor serviceMonitorSelector - are specified, configuration is unmanaged.' + description: "*Experimental* PodMonitors to be selected for target + discovery. An empty label selector matches all objects. A null label + selector matches no objects. \n If `spec.serviceMonitorSelector`, + `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` + are null, the Prometheus configuration is unmanaged. The Prometheus + operator will ensure that the Prometheus configuration's Secret + exists, but it is the responsibility of the user to provide the + raw gzipped Prometheus configuration under the `prometheus.yaml.gz` + key. This behavior is *deprecated* and will be removed in the next + major version of the custom resource definition. It is recommended + to use `spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -15631,16 +17834,24 @@ spec: type: object type: object x-kubernetes-map-type: atomic + podTargetLabels: + description: PodTargetLabels are appended to the `spec.podTargetLabels` + field of all PodMonitor and ServiceMonitor objects. + items: + type: string + type: array portName: - description: Port name used for the pods and governing service. This - defaults to web + default: web + description: 'Port name used for the pods and governing service. Default: + "web"' type: string priorityClassName: - description: Priority class assigned to the Pods + description: Priority class assigned to the Pods. type: string probeNamespaceSelector: - description: '*Experimental* Namespaces to be selected for Probe discovery. - If nil, only check own namespace.' + description: '*Experimental* Namespaces to match for Probe discovery. + An empty label selector matches all namespaces. A null label selector + matches the current namespace only.' properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -15685,7 +17896,17 @@ spec: type: object x-kubernetes-map-type: atomic probeSelector: - description: '*Experimental* Probes to be selected for target discovery.' + description: "*Experimental* Probes to be selected for target discovery. + An empty label selector matches all objects. A null label selector + matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the + Prometheus configuration is unmanaged. The Prometheus operator will + ensure that the Prometheus configuration's Secret exists, but it + is the responsibility of the user to provide the raw gzipped Prometheus + configuration under the `prometheus.yaml.gz` key. This behavior + is *deprecated* and will be removed in the next major version of + the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` + instead." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -15730,26 +17951,26 @@ spec: type: object x-kubernetes-map-type: atomic prometheusExternalLabelName: - description: Name of Prometheus external label used to denote Prometheus - instance name. Defaults to the value of `prometheus`. External label - will _not_ be added when value is set to empty string (`""`). + description: "Name of Prometheus external label used to denote the + Prometheus instance name. The external label will _not_ be added + when the field is set to the empty string (`\"\"`). \n Default: + \"prometheus\"" type: string prometheusRulesExcludedFromEnforce: - description: 'PrometheusRulesExcludedFromEnforce - list of prometheus - rules to be excluded from enforcing of adding namespace labels. - Works only if enforcedNamespaceLabel set to true. Make sure both - ruleNamespace and ruleName are set for each pair. Deprecated: use - excludedFromEnforcement instead.' + description: 'Defines the list of PrometheusRule objects to which + the namespace label enforcement doesn''t apply. This is only relevant + when `spec.enforcedNamespaceLabel` is set to true. Deprecated: use + `spec.excludedFromEnforcement` instead.' items: description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. properties: ruleName: - description: RuleNamespace - name of excluded rule + description: Name of the excluded PrometheusRule object. type: string ruleNamespace: - description: RuleNamespace - namespace of excluded rule + description: Namespace of the excluded PrometheusRule object. type: string required: - ruleName @@ -15757,8 +17978,8 @@ spec: type: object type: array query: - description: QuerySpec defines the query command line flags when starting - Prometheus. + description: QuerySpec defines the configuration of the Promethus + query service. properties: lookbackDelta: description: The delta difference allowed for retrieving metrics @@ -15767,6 +17988,7 @@ spec: maxConcurrency: description: Number of concurrent queries that can be run at once. format: int32 + minimum: 1 type: integer maxSamples: description: Maximum number of samples a single query can load @@ -15781,30 +18003,38 @@ spec: type: string type: object queryLogFile: - description: QueryLogFile specifies the file to which PromQL queries - are logged. If the filename has an empty path, e.g. 'query.log', - prometheus-operator will mount the file into an emptyDir volume - at `/var/log/prometheus`. If a full path is provided, e.g. /var/log/prometheus/query.log, + description: "queryLogFile specifies where the file to which PromQL + queries are logged. \n If the filename has an empty path, e.g. 'query.log', + The Prometheus Pods will mount the file into an emptyDir volume + at `/var/log/prometheus`. If a full path is provided, e.g. '/var/log/prometheus/query.log', you must mount a volume in the specified directory and it must be writable. This is because the prometheus container runs with a read-only root filesystem for security reasons. Alternatively, the location - can be set to a stdout location such as `/dev/stdout` to log query - information to the default Prometheus log stream. This is only available - in versions of Prometheus >= 2.16.0. For more details, see the Prometheus - docs (https://prometheus.io/docs/guides/query-log/) + can be set to a standard I/O stream, e.g. `/dev/stdout`, to log + query information to the default Prometheus log stream." + type: string + reloadStrategy: + description: Defines the strategy used to reload the Prometheus configuration. + If not specified, the configuration is reloaded using the /-/reload + HTTP endpoint. + enum: + - HTTP + - ProcessSignal type: string remoteRead: - description: remoteRead is the list of remote read configurations. + description: Defines the list of remote read configurations. items: description: RemoteReadSpec defines the configuration for Prometheus to read back samples from a remote endpoint. properties: authorization: - description: Authorization section for remote read + description: "Authorization section for the URL. \n It requires + Prometheus >= v2.26.0. \n Cannot be set at the same time as + `basicAuth`, or `oauth2`." properties: credentials: - description: The secret's key that contains the credentials - of the request + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -15824,19 +18054,21 @@ spec: x-kubernetes-map-type: atomic credentialsFile: description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) + with `credentials`. type: string type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" type: string type: object basicAuth: - description: BasicAuth for the URL. + description: "BasicAuth configuration for the URL. \n Cannot + be set at the same time as `authorization`, or `oauth2`." properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: '`password` specifies a key of a Secret containing + the password for authentication.' properties: key: description: The key of the secret to select from. Must @@ -15855,8 +18087,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: '`username` specifies a key of a Secret containing + the username for authentication.' properties: key: description: The key of the secret to select from. Must @@ -15876,11 +18108,24 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for remote read. + description: "*Warning: this field shouldn't be used because + the token value appears in clear-text. Prefer using `authorization`.* + \n Deprecated: this will be removed in a future release." type: string bearerTokenFile: - description: File to read bearer token for remote read. + description: "File from which to read the bearer token for the + URL. \n Deprecated: this will be removed in a future release. + Prefer using `authorization`." type: string + filterExternalLabels: + description: "Whether to use the external labels as selectors + for the remote read endpoint. \n It requires Prometheus >= + v2.34.0." + type: boolean + followRedirects: + description: "Configure whether HTTP requests follow HTTP 3xx + redirects. \n It requires Prometheus >= v2.26.0." + type: boolean headers: additionalProperties: type: string @@ -15890,18 +18135,19 @@ spec: versions 2.26.0 and newer. type: object name: - description: The name of the remote read queue, it must be unique - if specified. The name is used in metrics and logging in order - to differentiate read configurations. Only valid in Prometheus - versions 2.15.0 and newer. + description: "The name of the remote read queue, it must be + unique if specified. The name is used in metrics and logging + in order to differentiate read configurations. \n It requires + Prometheus >= v2.15.0." type: string oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. + description: "OAuth2 configuration for the URL. \n It requires + Prometheus >= v2.27.0. \n Cannot be set at the same time as + `authorization`, or `basicAuth`." properties: clientId: - description: The secret or configmap containing the OAuth2 - client id + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' properties: configMap: description: ConfigMap containing data to use for the @@ -15945,7 +18191,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select from. Must @@ -15966,15 +18213,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token request + description: '`scopes` defines the OAuth2 scopes used for + the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to fetch the + token from.' minLength: 1 type: string required: @@ -16000,11 +18250,11 @@ spec: to be present in a selector to query the remote read endpoint. type: object tlsConfig: - description: TLS Config to use for remote read. + description: TLS Config to use for the URL. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -16052,8 +18302,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -16139,17 +18388,19 @@ spec: type: object type: array remoteWrite: - description: remoteWrite is the list of remote write configurations. + description: Defines the list of remote write configurations. items: description: RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint. properties: authorization: - description: Authorization section for remote write + description: "Authorization section for the URL. \n It requires + Prometheus >= v2.26.0. \n Cannot be set at the same time as + `sigv4`, `basicAuth`, `oauth2`, or `azureAd`." properties: credentials: - description: The secret's key that contains the credentials - of the request + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -16169,19 +18420,91 @@ spec: x-kubernetes-map-type: atomic credentialsFile: description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) + with `credentials`. type: string type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" + type: string + type: object + azureAd: + description: "AzureAD for the URL. \n It requires Prometheus + >= v2.45.0. \n Cannot be set at the same time as `authorization`, + `basicAuth`, `oauth2`, or `sigv4`." + properties: + cloud: + description: The Azure Cloud. Options are 'AzurePublic', + 'AzureChina', or 'AzureGovernment'. + enum: + - AzureChina + - AzureGovernment + - AzurePublic type: string + managedIdentity: + description: ManagedIdentity defines the Azure User-assigned + Managed identity. Cannot be set at the same time as `oauth`. + properties: + clientId: + description: The client id + type: string + required: + - clientId + type: object + oauth: + description: "OAuth defines the oauth config that is being + used to authenticate. Cannot be set at the same time as + `managedIdentity`. \n It requires Prometheus >= v2.48.0." + properties: + clientId: + description: '`clientID` is the clientId of the Azure + Active Directory application that is being used to + authenticate.' + minLength: 1 + type: string + clientSecret: + description: '`clientSecret` specifies a key of a Secret + containing the client secret of the Azure Active Directory + application that is being used to authenticate.' + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tenantId: + description: '`tenantID` is the tenant ID of the Azure + Active Directory application that is being used to + authenticate.' + minLength: 1 + pattern: ^[0-9a-zA-Z-.]+$ + type: string + required: + - clientId + - clientSecret + - tenantId + type: object type: object basicAuth: - description: BasicAuth for the URL. + description: "BasicAuth configuration for the URL. \n Cannot + be set at the same time as `sigv4`, `authorization`, `oauth2`, + or `azureAd`." properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: '`password` specifies a key of a Secret containing + the password for authentication.' properties: key: description: The key of the secret to select from. Must @@ -16200,8 +18523,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: '`username` specifies a key of a Secret containing + the username for authentication.' properties: key: description: The key of the secret to select from. Must @@ -16221,46 +18544,54 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for remote write. + description: "*Warning: this field shouldn't be used because + the token value appears in clear-text. Prefer using `authorization`.* + \n Deprecated: this will be removed in a future release." type: string bearerTokenFile: - description: File to read bearer token for remote write. + description: "File from which to read bearer token for the URL. + \n Deprecated: this will be removed in a future release. Prefer + using `authorization`." type: string + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean headers: additionalProperties: type: string - description: Custom HTTP headers to be sent along with each + description: "Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by - Prometheus itself can't be overwritten. Only valid in Prometheus - versions 2.25.0 and newer. + Prometheus itself can't be overwritten. \n It requires Prometheus + >= v2.25.0." type: object metadataConfig: description: MetadataConfig configures the sending of series metadata to the remote storage. properties: send: - description: Whether metric metadata is sent to the remote - storage or not. + description: Defines whether metric metadata is sent to + the remote storage or not. type: boolean sendInterval: - description: How frequently metric metadata is sent to the - remote storage. + description: Defines how frequently metric metadata is sent + to the remote storage. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object name: - description: The name of the remote write queue, it must be + description: "The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging - in order to differentiate queues. Only valid in Prometheus - versions 2.15.0 and newer. + in order to differentiate queues. \n It requires Prometheus + >= v2.15.0." type: string oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. + description: "OAuth2 configuration for the URL. \n It requires + Prometheus >= v2.27.0. \n Cannot be set at the same time as + `sigv4`, `authorization`, `basicAuth`, or `azureAd`." properties: clientId: - description: The secret or configmap containing the OAuth2 - client id + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' properties: configMap: description: ConfigMap containing data to use for the @@ -16304,7 +18635,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select from. Must @@ -16325,15 +18657,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token request + description: '`scopes` defines the OAuth2 scopes used for + the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to fetch the + token from.' minLength: 1 type: string required: @@ -16390,18 +18725,25 @@ spec: pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string sendExemplars: - description: Enables sending of exemplars over remote write. + description: "Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the - enableFeature option for exemplars to be scraped in the first - place. Only valid in Prometheus versions 2.27.0 and newer. + `spec.enableFeature` option for exemplars to be scraped in + the first place. \n It requires Prometheus >= v2.27.0." + type: boolean + sendNativeHistograms: + description: "Enables sending of native histograms, also known + as sparse histograms over remote write. \n It requires Prometheus + >= v2.40.0." type: boolean sigv4: - description: Sigv4 allows to configures AWS's Signature Verification - 4 + description: "Sigv4 allows to configures AWS's Signature Verification + 4 for the URL. \n It requires Prometheus >= v2.26.0. \n Cannot + be set at the same time as `authorization`, `basicAuth`, `oauth2`, + or `azureAd`." properties: accessKey: - description: AccessKey is the AWS API key. If blank, the - environment variable `AWS_ACCESS_KEY_ID` is used. + description: AccessKey is the AWS API key. If not specified, + the environment variable `AWS_ACCESS_KEY_ID` is used. properties: key: description: The key of the secret to select from. Must @@ -16430,7 +18772,7 @@ spec: description: RoleArn is the named AWS profile used to authenticate. type: string secretKey: - description: SecretKey is the AWS API secret. If blank, + description: SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. properties: key: @@ -16451,11 +18793,11 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLS Config to use for remote write. + description: TLS Config to use for the URL. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -16503,8 +18845,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -16588,16 +18929,16 @@ spec: writeRelabelConfigs: description: The list of remote write relabel configurations. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -16617,30 +18958,35 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator is the string between concatenated + SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + Separator and matched against the configured regular + expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as @@ -16649,9 +18995,10 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array @@ -16660,19 +19007,41 @@ spec: type: object type: array replicaExternalLabelName: - description: Name of Prometheus external label used to denote replica - name. Defaults to the value of `prometheus_replica`. External label - will _not_ be added when value is set to empty string (`""`). + description: "Name of Prometheus external label used to denote the + replica name. The external label will _not_ be added when the field + is set to the empty string (`\"\"`). \n Default: \"prometheus_replica\"" type: string replicas: - description: Number of replicas of each shard to deploy for a Prometheus - deployment. Number of replicas multiplied by shards is the total - number of Pods created. + description: "Number of replicas of each shard to deploy for a Prometheus + deployment. `spec.replicas` multiplied by `spec.shards` is the total + number of Pods created. \n Default: 1" format: int32 type: integer resources: - description: Define resources requests and limits for single Pods. + description: Defines the resources requests and limits of the 'prometheus' + container. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -16683,41 +19052,163 @@ spec: description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + retention: + description: "How long to retain the Prometheus data. \n Default: + \"24h\" if `spec.retention` and `spec.retentionSize` are empty." + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + retentionSize: + description: Maximum number of bytes used by the Prometheus data. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + routePrefix: + description: "The route prefix Prometheus registers HTTP handlers + for. \n This is useful when using `spec.externalURL`, and a proxy + is rewriting HTTP routes of a request, and the actual ExternalURL + is still true, but the server serves requests under a different + route prefix. For example for use with `kubectl proxy`." + type: string + ruleNamespaceSelector: + description: Namespaces to match for PrometheusRule discovery. An + empty label selector matches all namespaces. A null label selector + matches the current namespace only. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + ruleSelector: + description: PrometheusRule objects to be selected for rule evaluation. + An empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + rules: + description: Defines the configuration of the Prometheus rules' engine. + properties: + alert: + description: "Defines the parameters of the Prometheus rules' + engine. \n Any update to these parameters trigger a restart + of the pods." + properties: + forGracePeriod: + description: "Minimum duration between alert and restored + 'for' state. \n This is maintained only for alerts with + a configured 'for' time greater than the grace period." + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string type: object type: object - retention: - description: Time duration Prometheus shall retain data for. Default - is '24h' if retentionSize is not set, and must match the regular - expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes - hours days weeks years). - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - retentionSize: - description: Maximum amount of disk space used by blocks. - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: Namespaces to be selected for PrometheusRules discovery. - If unspecified, only the same namespace as the Prometheus object - is in is used. + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. Only valid in Prometheus versions + 2.45.0 and newer. + format: int64 + type: integer + scrapeConfigNamespaceSelector: + description: Namespaces to match for ScrapeConfig discovery. An empty + label selector matches all namespaces. A null label selector matches + the current current namespace only. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -16761,13 +19252,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic - ruleSelector: - description: A selector to select which PrometheusRules to mount for - loading alerting/recording rules from. Until (excluding) Prometheus - Operator v0.24.0 Prometheus Operator will migrate any legacy rule - ConfigMaps to PrometheusRule custom resources selected by RuleSelector. - Make sure it does not match any config maps that you do not want - to be migrated. + scrapeConfigSelector: + description: "*Experimental* ScrapeConfigs to be selected for target + discovery. An empty label selector matches all objects. A null label + selector matches no objects. \n If `spec.serviceMonitorSelector`, + `spec.podMonitorSelector`, `spec.probeSelector` and `spec.scrapeConfigSelector` + are null, the Prometheus configuration is unmanaged. The Prometheus + operator will ensure that the Prometheus configuration's Secret + exists, but it is the responsibility of the user to provide the + raw gzipped Prometheus configuration under the `prometheus.yaml.gz` + key. This behavior is *deprecated* and will be removed in the next + major version of the custom resource definition. It is recommended + to use `spec.additionalScrapeConfigs` instead." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -16811,35 +19307,14 @@ spec: type: object type: object x-kubernetes-map-type: atomic - rules: - description: /--rules.*/ command-line arguments. - properties: - alert: - description: /--rules.alert.*/ command-line arguments - properties: - forGracePeriod: - description: Minimum duration between alert and restored 'for' - state. This is maintained only for alerts with configured - 'for' time greater than grace period. - type: string - forOutageTolerance: - description: Max time to tolerate prometheus outage for restoring - 'for' state of alert. - type: string - resendDelay: - description: Minimum amount of time to wait before resending - an alert to Alertmanager. - type: string - type: object - type: object scrapeInterval: default: 30s - description: 'Interval between consecutive scrapes. Default: `30s`' + description: "Interval between consecutive scrapes. \n Default: \"30s\"" pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string scrapeTimeout: - description: Number of seconds to wait for target to respond before - erroring. + description: Number of seconds to wait until a scrape request times + out. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -16938,7 +19413,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -16952,9 +19428,14 @@ spec: type: object supplementalGroups: description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. Note - that this field cannot be set when spec.os.name is windows. + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. items: format: int64 type: integer @@ -16997,14 +19478,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -17020,8 +19498,9 @@ spec: to use to run the Prometheus Pods. type: string serviceMonitorNamespaceSelector: - description: Namespace's labels to match for ServiceMonitor discovery. - If nil, only check own namespace. + description: Namespaces to match for ServicedMonitors discovery. An + empty label selector matches all namespaces. A null label selector + matches the current namespace only. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -17066,9 +19545,17 @@ spec: type: object x-kubernetes-map-type: atomic serviceMonitorSelector: - description: ServiceMonitors to be selected for target discovery. - *Deprecated:* if neither this nor podMonitorSelector are specified, - configuration is unmanaged. + description: "ServiceMonitors to be selected for target discovery. + An empty label selector matches all objects. A null label selector + matches no objects. \n If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, + `spec.probeSelector` and `spec.scrapeConfigSelector` are null, the + Prometheus configuration is unmanaged. The Prometheus operator will + ensure that the Prometheus configuration's Secret exists, but it + is the responsibility of the user to provide the raw gzipped Prometheus + configuration under the `prometheus.yaml.gz` key. This behavior + is *deprecated* and will be removed in the next major version of + the custom resource definition. It is recommended to use `spec.additionalScrapeConfigs` + instead." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -17113,34 +19600,32 @@ spec: type: object x-kubernetes-map-type: atomic sha: - description: 'SHA of Prometheus container image to be deployed. Defaults - to the value of `version`. Similar to a tag, but the SHA explicitly - deploys an immutable container image. Version and Tag are ignored - if SHA is set. Deprecated: use ''image'' instead. The image digest - can be specified as part of the image URL.' + description: 'Deprecated: use ''spec.image'' instead. The image''s + digest can be specified as part of the image name.' type: string shards: - description: 'EXPERIMENTAL: Number of shards to distribute targets - onto. Number of replicas multiplied by shards is the total number - of Pods created. Note that scaling down shards will not reshard + description: "EXPERIMENTAL: Number of shards to distribute targets + onto. `spec.replicas` multiplied by `spec.shards` is the total number + of Pods created. \n Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available - from the same instances. To query globally use Thanos sidecar and - Thanos querier or remote write data to a central location. Sharding - is done on the content of the `__address__` target meta-label.' + from the same instances. To query globally, use Thanos sidecar and + Thanos querier or remote write data to a central location. \n Sharding + is performed on the content of the `__address__` target meta-label + for PodMonitors and ServiceMonitors and `__param_target__` for Probes. + \n Default: 1" format: int32 type: integer storage: - description: Storage spec to specify how storage shall be used. + description: Storage defines the storage used by Prometheus. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default - in a future release, this option will become unnecessary. DisableMountSubPath - allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be removed in a future + release.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: @@ -17159,13 +19644,13 @@ spec: medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the Prometheus - StatefulSets. This is a beta field in k8s 1.21, for lower versions, + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: @@ -17213,9 +19698,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -17240,27 +19728,33 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed if - the type of the specified object matches some installed - volume populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, - they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will - be set to the same value automatically if one of - them is empty and the other is non-empty. There - are two important differences between DataSource - and DataSourceRef: * While DataSource only allows - two specific types of objects, DataSourceRef allows + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -17277,11 +19771,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -17290,6 +19794,30 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -17311,8 +19839,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -17383,7 +19911,10 @@ spec: type: object type: object volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. + description: Defines the PVC spec to be used by the Prometheus + StatefulSets. The easiest way to use a volume that cannot be + automatically provisioned is to use a label selector alongside + manually created PersistentVolumes. properties: apiVersion: description: 'APIVersion defines the versioned schema of this @@ -17428,8 +19959,8 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: description: 'accessModes contains the desired access @@ -17443,9 +19974,12 @@ spec: * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the - contents of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always have - the same contents as the DataSourceRef field.' + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -17467,24 +20001,31 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object from - a non-empty API group (non core object) or a PersistentVolumeClaim + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource + This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will be set - to the same value automatically if one of them is empty - and the other is non-empty. There are two important - differences between DataSource and DataSourceRef: * - While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well as - PersistentVolumeClaim objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed value - is specified. (Beta) Using this field requires the AnyVolumeDataSource + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -17499,11 +20040,20 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -17512,6 +20062,30 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -17533,7 +20107,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -17598,8 +20173,7 @@ spec: type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Deprecated: this field is never set.' properties: accessModes: description: 'accessModes contains the actual access modes @@ -17607,6 +20181,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -17614,19 +20233,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -17643,7 +20274,7 @@ spec: volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: @@ -17681,28 +20312,23 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object tag: - description: 'Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. Version is ignored if Tag is set. Deprecated: - use ''image'' instead. The image tag can be specified as part of - the image URL.' + description: 'Deprecated: use ''spec.image'' instead. The image''s + tag can be specified as part of the image name.' type: string + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. Only valid in Prometheus versions + 2.45.0 and newer. + format: int64 + type: integer thanos: - description: "Thanos configuration allows configuring various aspects - of a Prometheus server in a Thanos environment. \n This section - is experimental, it may change significantly without deprecation - notice in any release. \n This is experimental and may change significantly - without backward compatibility in any release." + description: "Defines the configuration of the optional Thanos sidecar. + \n This section is experimental, it may change significantly without + deprecation notice in any release." properties: additionalArgs: description: AdditionalArgs allows setting additional arguments @@ -17710,7 +20336,7 @@ spec: the Thanos container which may cause issues if they are invalid or not supported the given Thanos version. In case of an argument conflict (e.g. an argument which is already set by the operator - itself) or when providing an invalid argument the reconciliation + itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged. items: description: Argument as part of the AdditionalArgs list. @@ -17728,23 +20354,42 @@ spec: type: object type: array baseImage: - description: 'Thanos base image if other than default. Deprecated: - use ''image'' instead' + description: 'Deprecated: use ''image'' instead.' + type: string + blockSize: + default: 2h + description: "BlockDuration controls the size of TSDB blocks produced + by Prometheus. The default value is 2h to match the upstream + Prometheus defaults. \n WARNING: Changing the block duration + can impact the performance and efficiency of the entire Prometheus/Thanos + stack due to how it interacts with memory and Thanos compactors. + It is recommended to keep this value set to a multiple of 120 + times your longest scrape or rule interval. For example, 30s + * 120 = 1h." + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + getConfigInterval: + description: How often to retrieve the Prometheus configuration. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + getConfigTimeout: + description: Maximum time to wait when retrieving the Prometheus + configuration. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string grpcListenLocal: - description: If true, the Thanos sidecar listens on the loopback - interface for the gRPC endpoints. It has no effect if `listenLocal` - is true. + description: "When true, the Thanos sidecar listens on the loopback + interface instead of the Pod IP's address for the gRPC endpoints. + \n It has no effect if `listenLocal` is true." type: boolean grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the TLS parameters - for the gRPC server providing the StoreAPI. Note: Currently - only the CAFile, CertFile, and KeyFile fields are supported. - Maps to the ''--grpc-server-tls-*'' CLI args.' + description: "Configures the TLS parameters for the gRPC server + providing the StoreAPI. \n Note: Currently only the `caFile`, + `certFile`, and `keyFile` fields are supported." properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -17792,8 +20437,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for the - targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -17872,31 +20516,33 @@ spec: type: string type: object httpListenLocal: - description: If true, the Thanos sidecar listens on the loopback - interface for the HTTP endpoints. It has no effect if `listenLocal` - is true. + description: "When true, the Thanos sidecar listens on the loopback + interface instead of the Pod IP's address for the HTTP endpoints. + \n It has no effect if `listenLocal` is true." type: boolean image: - description: Image if specified has precedence over baseImage, - tag and sha combinations. Specifying the version is still necessary - to ensure the Prometheus Operator knows what version of Thanos - is being configured. + description: "Container image name for Thanos. If specified, it + takes precedence over the `spec.thanos.baseImage`, `spec.thanos.tag` + and `spec.thanos.sha` fields. \n Specifying `spec.thanos.version` + is still necessary to ensure the Prometheus Operator knows which + version of Thanos is being configured. \n If neither `spec.thanos.image` + nor `spec.thanos.baseImage` are defined, the operator will use + the latest upstream version of Thanos available at the time + when the operator was released." type: string listenLocal: - description: 'If true, the Thanos sidecar listens on the loopback - interface for the HTTP and gRPC endpoints. It takes precedence - over `grpcListenLocal` and `httpListenLocal`. Deprecated: use - `grpcListenLocal` and `httpListenLocal` instead.' + description: 'Deprecated: use `grpcListenLocal` and `httpListenLocal` + instead.' type: boolean logFormat: - description: LogFormat for Thanos sidecar to be configured with. + description: Log format for the Thanos sidecar. enum: - "" - logfmt - json type: string logLevel: - description: LogLevel for Thanos sidecar to be configured with. + description: Log level for the Thanos sidecar. enum: - "" - debug @@ -17905,15 +20551,16 @@ spec: - error type: string minTime: - description: MinTime for Thanos sidecar to be configured with. - Option can be a constant time in RFC3339 format or time duration - relative to current time, such as -1d or 2h45m. Valid duration - units are ms, s, m, h, d, w, y. + description: Defines the start of time range limit served by the + Thanos sidecar's StoreAPI. The field's value should be a constant + time in RFC3339 format or a time duration relative to current + time, such as -1d or 2h45m. Valid duration units are ms, s, + m, h, d, w, y. type: string objectStorageConfig: - description: ObjectStorageConfig configures object storage in - Thanos. Alternative to ObjectStorageConfigFile, and lower order - priority. + description: "Defines the Thanos sidecar's configuration to upload + TSDB blocks to object storage. \n More info: https://thanos.io/tip/thanos/storage.md/ + \n objectStorageConfigFile takes precedence over this field." properties: key: description: The key of the secret to select from. Must be @@ -17932,20 +20579,41 @@ spec: type: object x-kubernetes-map-type: atomic objectStorageConfigFile: - description: ObjectStorageConfigFile specifies the path of the - object storage configuration file. When used alongside with - ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + description: "Defines the Thanos sidecar's configuration file + to upload TSDB blocks to object storage. \n More info: https://thanos.io/tip/thanos/storage.md/ + \n This field takes precedence over objectStorageConfig." type: string readyTimeout: - description: ReadyTimeout is the maximum time Thanos sidecar will - wait for Prometheus to start. Eg 10m + description: ReadyTimeout is the maximum time that the Thanos + sidecar will wait for Prometheus to start. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string resources: - description: Resources defines the resource requirements for the - Thanos sidecar. If not provided, no requests/limits will be - set + description: Defines the resources requests and limits of the + Thanos sidecar. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -17966,26 +20634,24 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object sha: - description: 'SHA of Thanos container image to be deployed. Defaults - to the value of `version`. Similar to a tag, but the SHA explicitly - deploys an immutable container image. Version and Tag are ignored - if SHA is set. Deprecated: use ''image'' instead. The image - digest can be specified as part of the image URL.' + description: 'Deprecated: use ''image'' instead. The image digest + can be specified as part of the image name.' type: string tag: - description: 'Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. Version is ignored if Tag - is set. Deprecated: use ''image'' instead. The image tag can - be specified as part of the image URL.' + description: 'Deprecated: use ''image'' instead. The image''s + tag can be specified as as part of the image name.' type: string tracingConfig: - description: TracingConfig configures tracing in Thanos. This - is an experimental feature, it may change in any upcoming release - in a breaking way. + description: "Defines the tracing configuration for the Thanos + sidecar. \n More info: https://thanos.io/tip/thanos/tracing.md/ + \n This is an experimental feature, it may change in any upcoming + release in a breaking way. \n tracingConfigFile takes precedence + over this field." properties: key: description: The key of the secret to select from. Must be @@ -18004,18 +20670,23 @@ spec: type: object x-kubernetes-map-type: atomic tracingConfigFile: - description: TracingConfig specifies the path of the tracing configuration - file. When used alongside with TracingConfig, TracingConfigFile - takes precedence. + description: "Defines the tracing configuration file for the Thanos + sidecar. \n More info: https://thanos.io/tip/thanos/tracing.md/ + \n This is an experimental feature, it may change in any upcoming + release in a breaking way. \n This field takes precedence over + tracingConfig." type: string version: - description: Version describes the version of Thanos to use. + description: "Version of Thanos being deployed. The operator uses + this information to generate the Prometheus StatefulSet + configuration + files. \n If not specified, the operator assumes the latest + upstream release of Thanos available at the time when the version + of the operator was released." type: string volumeMounts: description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumeMounts specified - will be appended to other VolumeMounts in the thanos-sidecar - container. + for Thanos. VolumeMounts specified will be appended to other + VolumeMounts in the 'thanos-sidecar' container. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -18056,7 +20727,7 @@ spec: type: array type: object tolerations: - description: If specified, the pod's tolerations. + description: Defines the Pods' tolerations if specified. items: description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching @@ -18096,11 +20767,16 @@ spec: type: object type: array topologySpreadConstraints: - description: If specified, the pod's topology spread constraints. + description: Defines the pod's topology spread constraints if specified. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. properties: + additionalLabelSelectors: + description: Defines what Prometheus Operator managed labels + should be added to labelSelector on the topologySpreadConstraint. + enum: + - OnResource + - OnShard + type: string labelSelector: description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the @@ -18149,14 +20825,18 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the incoming - pod labels will be ignored. A null or empty list means only - match against labelSelector. + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -18213,8 +20893,8 @@ spec: are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor - policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how we will treat node @@ -18223,8 +20903,8 @@ spec: for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that @@ -18263,28 +20943,211 @@ spec: - whenUnsatisfiable type: object type: array + tracingConfig: + description: 'EXPERIMENTAL: TracingConfig configures tracing in Prometheus. + This is an experimental feature, it may change in any upcoming release + in a breaking way.' + properties: + clientType: + description: Client used to export the traces. Supported values + are `http` or `grpc`. + enum: + - http + - grpc + type: string + compression: + description: Compression key for supported compression types. + The only supported value is `gzip`. + enum: + - gzip + type: string + endpoint: + description: Endpoint to send the traces to. Should be provided + in format :. + minLength: 1 + type: string + headers: + additionalProperties: + type: string + description: Key-value pairs to be used as headers associated + with gRPC or HTTP requests. + type: object + insecure: + description: If disabled, the client will use a secure connection. + type: boolean + samplingFraction: + anyOf: + - type: integer + - type: string + description: Sets the probability a given trace will be sampled. + Must be a float from 0 through 1. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeout: + description: Maximum time the exporter will wait for each batch + export. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tlsConfig: + description: TLS Config to use when sending traces. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - endpoint + type: object tsdb: description: Defines the runtime reloadable configuration of the timeseries database (TSDB). properties: outOfOrderTimeWindow: - description: Configures how old an out-of-order/out-of-bounds - sample can be w.r.t. the TSDB max time. An out-of-order/out-of-bounds + description: "Configures how old an out-of-order/out-of-bounds + sample can be with respect to the TSDB max time. \n An out-of-order/out-of-bounds sample is ingested into the TSDB as long as the timestamp of - the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). Out - of order ingestion is an experimental feature and requires Prometheus - >= v2.39.0. + the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). \n Out + of order ingestion is an experimental feature. \n It requires + Prometheus >= v2.39.0." pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string type: object version: - description: Version of Prometheus to be deployed. + description: "Version of Prometheus being deployed. The operator uses + this information to generate the Prometheus StatefulSet + configuration + files. \n If not specified, the operator assumes the latest upstream + version of Prometheus available at the time when the version of + the operator was released." type: string volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts - on the output StatefulSet definition. VolumeMounts specified will - be appended to other VolumeMounts in the prometheus container, that - are generated as a result of StorageSpec objects. + description: "VolumeMounts allows the configuration of additional + VolumeMounts. \n VolumeMounts will be appended to other VolumeMounts + in the 'prometheus' container, that are generated as a result of + StorageSpec objects." items: description: VolumeMount describes a mounting of a Volume within a container. @@ -18323,9 +21186,10 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. Volumes specified will be appended - to other volumes that are generated as a result of StorageSpec objects. + description: Volumes allows the configuration of additional volumes + on the output StatefulSet definition. Volumes specified will be + appended to other volumes that are generated as a result of StorageSpec + objects. items: description: Volume represents a named volume in a pod that may be accessed by any container in the pod. @@ -18711,7 +21575,7 @@ spec: medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -18779,9 +21643,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -18807,27 +21674,35 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API group (non core - object) or a PersistentVolumeClaim object. When - this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as such if both fields are + dataSource field and as such if both fields are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef - preserves all values, and generates an error if - a disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource feature - gate to be enabled.' + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -18844,11 +21719,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -18857,6 +21742,31 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -18878,8 +21788,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -19838,11 +22748,12 @@ spec: type: object type: array walCompression: - description: Enable compression of the write-ahead log using Snappy. - This flag is only available in versions of Prometheus >= 2.11.0. + description: "Configures compression of the write-ahead log (WAL) + using Snappy. \n WAL compression is enabled by default for Prometheus + >= 2.20.0 \n Requires Prometheus v2.11.0 and above." type: boolean web: - description: Defines the web command line flags when starting Prometheus. + description: Defines the configuration of the Prometheus web server. properties: httpConfig: description: Defines HTTP parameters for web server. @@ -19891,8 +22802,15 @@ spec: a rolling update will be triggered. type: boolean type: object + maxConnections: + description: Defines the maximum number of simultaneous connections + A zero value means that Prometheus doesn't accept any incoming + connection. + format: int32 + minimum: 0 + type: integer pageTitle: - description: The prometheus web page title + description: The prometheus web page title. type: string tlsConfig: description: Defines the TLS parameters for HTTPS. @@ -20057,8 +22975,8 @@ spec: conditions: description: The current state of the Prometheus deployment. items: - description: PrometheusCondition represents the state of the resources - associated with the Prometheus resource. + description: Condition represents the state of the resources associated + with the Prometheus, Alertmanager or ThanosRuler resource. properties: lastTransitionTime: description: lastTransitionTime is the time of the last update @@ -20071,8 +22989,8 @@ spec: type: string observedGeneration: description: ObservedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration + that the condition was set based upon. For instance, if `.metadata.generation` + is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the instance. format: int64 @@ -20081,7 +22999,7 @@ spec: description: Reason for the condition's last transition. type: string status: - description: status of the condition. + description: Status of the condition. type: string type: description: Type of the condition being reported. @@ -20104,6 +23022,10 @@ spec: Prometheus deployment (their labels match the selector). format: int32 type: integer + selector: + description: The selector used to match the pods targeted by this + Prometheus resource. + type: string shardStatuses: description: The list has one entry per shard. Each entry provides a summary of the shard status. @@ -20142,6 +23064,10 @@ spec: x-kubernetes-list-map-keys: - shardID x-kubernetes-list-type: map + shards: + description: Shards is the most recently observed number of shards. + format: int32 + type: integer unavailableReplicas: description: Total number of unavailable pods targeted by this Prometheus deployment. @@ -20165,14 +23091,18 @@ spec: served: true storage: true subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.shards + statusReplicasPath: .status.shards status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20211,18 +23141,30 @@ spec: groups: description: Content of Prometheus rule file items: - description: 'RuleGroup is a list of sequentially evaluated recording - and alerting rules. Note: PartialResponseStrategy is only used - by ThanosRuler and will be ignored by Prometheus instances. Valid - values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response' + description: RuleGroup is a list of sequentially evaluated recording + and alerting rules. properties: interval: + description: Interval determines how often rules in the group + are evaluated. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + limit: + description: Limit the number of alerts an alerting rule and + series a recording rule can produce. Limit is supported starting + with Prometheus >= 2.31 and Thanos Ruler >= 0.24. + type: integer name: + description: Name of the rule group. + minLength: 1 type: string partial_response_strategy: + description: 'PartialResponseStrategy is only used by ThanosRuler + and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response' + pattern: ^(?i)(abort|warn)?$ type: string rules: + description: List of alerting and recording rules. items: description: 'Rule describes an alerting or recording rule See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) @@ -20230,23 +23172,42 @@ spec: rule' properties: alert: + description: Name of the alert. Must be a valid label + value. Only one of `record` and `alert` must be set. type: string annotations: additionalProperties: type: string + description: Annotations to add to each alert. Only valid + for alerting rules. type: object expr: anyOf: - type: integer - type: string + description: PromQL expression to evaluate. x-kubernetes-int-or-string: true for: + description: Alerts are considered firing once they have + been returned for this long. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + keep_firing_for: + description: KeepFiringFor defines how long an alert will + continue firing after the condition that triggered it + has cleared. + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string labels: additionalProperties: type: string + description: Labels to add or overwrite. type: object record: + description: Name of the time series to output to. Must + be a valid metric name. Only one of `record` and `alert` + must be set. type: string required: - expr @@ -20254,9 +23215,11 @@ spec: type: array required: - name - - rules type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map type: object required: - spec @@ -20268,8 +23231,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20306,37 +23269,48 @@ spec: by Prometheus. properties: attachMetadata: - description: 'Attaches node metadata to discovered targets. Only valid - for role: pod. Only valid in Prometheus versions 2.35.0 and newer.' + description: "`attachMetadata` defines additional metadata which is + added to the discovered targets. \n It requires Prometheus >= v2.37.0." properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. + description: When set to true, Prometheus must have the `get` + permission on the `Nodes` objects. type: boolean type: object jobLabel: - description: The label to use to retrieve the job name from. + description: "The label to use to retrieve the job name from. `jobLabel` + selects the label from the associated Kubernetes `Pod` object which + will be used as the `job` label for all metrics. \n For example + if `jobLabel` is set to `foo` and the Kubernetes `Pod` object is + labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"` + label to all ingested metrics. \n If the value of this field is + empty, the `job` label of the metrics defaults to the namespace + and name of the PodMonitor object (e.g. `/`)." type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. + description: "Per-scrape limit on number of labels that will be accepted + for a sample. \n It requires Prometheus >= v2.27.0." format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. + description: "Per-scrape limit on length of labels name that will + be accepted for a sample. \n It requires Prometheus >= v2.27.0." format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. + description: "Per-scrape limit on length of labels value that will + be accepted for a sample. \n It requires Prometheus >= v2.27.0." format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. + description: Selector to select which namespaces the Kubernetes `Pods` + objects are discovered from. properties: any: description: Boolean describing whether all namespaces are selected @@ -20349,17 +23323,19 @@ spec: type: array type: object podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. + description: List of endpoints part of this PodMonitor. items: - description: PodMetricsEndpoint defines a scrapeable endpoint of - a Kubernetes Pod serving Prometheus metrics. + description: PodMetricsEndpoint defines an endpoint serving Prometheus + metrics to be scraped by Prometheus. properties: authorization: - description: Authorization section for this endpoint + description: "`authorization` configures the Authorization header + credentials to use when scraping the target. \n Cannot be + set at the same time as `basicAuth`, or `oauth2`." properties: credentials: - description: The secret's key that contains the credentials - of the request + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -20378,17 +23354,19 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + description: "`basicAuth` configures the Basic Authentication + credentials to use when scraping the target. \n Cannot be + set at the same time as `authorization`, or `oauth2`." properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: '`password` specifies a key of a Secret containing + the password for authentication.' properties: key: description: The key of the secret to select from. Must @@ -20407,8 +23385,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: '`username` specifies a key of a Secret containing + the username for authentication.' properties: key: description: The key of the secret to select from. Must @@ -20428,9 +23406,11 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - pod monitor and accessible by the Prometheus Operator. + description: "`bearerTokenSecret` specifies a key of a Secret + containing the bearer token for scraping targets. The secret + needs to be in the same namespace as the PodMonitor object + and readable by the Prometheus Operator. \n Deprecated: use + `authorization` instead." properties: key: description: The key of the secret to select from. Must @@ -20449,43 +23429,47 @@ spec: type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. + description: '`enableHttp2` can be used to disable HTTP2 when + scraping the target.' type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + description: "When true, the pods which are not running (e.g. + either in Failed or Succeeded state) are dropped during the + target discovery. \n If unset, the filtering is enabled. \n + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. + description: '`followRedirects` defines whether the scrape requests + should follow HTTP 3xx redirects.' type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. + description: When true, `honorLabels` preserves the metric's + labels when they collide with the target's labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. + description: '`honorTimestamps` controls whether Prometheus + preserves the timestamps when exposed by the target.' type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. + description: "Interval at which Prometheus scrapes the metrics + from the target. \n If empty, Prometheus uses the global scrape + interval." pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. + description: '`metricRelabelings` configures the relabeling + rules to apply to the samples before ingestion.' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -20505,30 +23489,35 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator is the string between concatenated + SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + Separator and matched against the configured regular + expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as @@ -20537,19 +23526,21 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. + description: "`oauth2` configures the OAuth2 settings to use + when scraping the target. \n It requires Prometheus >= 2.27.0. + \n Cannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: - description: The secret or configmap containing the OAuth2 - client id + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' properties: configMap: description: ConfigMap containing data to use for the @@ -20593,7 +23584,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select from. Must @@ -20614,15 +23606,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token request + description: '`scopes` defines the OAuth2 scopes used for + the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to fetch the + token from.' minLength: 1 type: string required: @@ -20635,37 +23630,38 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters + description: '`params` define optional HTTP URL parameters.' type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). + description: "HTTP path from which to scrape for metrics. \n + If empty, Prometheus uses the default value (e.g. `/metrics`)." type: string port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. + description: "Name of the Pod port which this endpoint refers + to. \n It takes precedence over `targetPort`." type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. + description: '`proxyURL` configures the HTTP Proxy URL (e.g. + "http://proxyserver:2195") to go through when scraping the + target.' type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: "`relabelings` configures the relabeling rules + to apply the target's metadata labels. \n The Operator automatically + adds relabelings for a few standard Kubernetes fields. \n + The original scrape job's name is available via the `__tmp_prometheus_job_name` + label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -20685,30 +23681,35 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator is the string between concatenated + SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + Separator and matched against the configured regular + expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as @@ -20717,32 +23718,43 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. + description: "HTTP scheme to use for scraping. \n `http` and + `https` are the expected values unless you rewrite the `__scheme__` + label via relabeling. \n If empty, Prometheus uses the default + value `http`." + enum: + - http + - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape interval is used. + description: "Timeout after which Prometheus considers the scrape + to be failed. \n If empty, Prometheus uses the global scrape + timeout unless it is less than the target's scrape interval + value in which the latter is used." pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: 'Deprecated: Use ''port'' instead.' + description: "Name or number of the target port of the `Pod` + object behind the Service, the port must be specified with + container port property. \n Deprecated: use 'port' instead." x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint. + description: TLS configuration to use when scraping the target. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -20786,8 +23798,7 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -20857,21 +23868,27 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + trackTimestampsStaleness: + description: "`trackTimestampsStaleness` defines whether Prometheus + tracks staleness of the metrics that have an explicit timestamp + present in scraped data. Has no effect if `honorTimestamps` + is false. \n It requires Prometheus >= v2.48.0." + type: boolean type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. + description: '`podTargetLabels` defines the labels which are transferred + from the associated Kubernetes `Pod` object onto the ingested metrics.' items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. + description: '`sampleLimit` defines a per-scrape limit on the number + of scraped samples that will be accepted.' format: int64 type: integer selector: - description: Selector to select Pod objects. + description: Label selector to select the Kubernetes `Pod` objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -20916,12 +23933,11 @@ spec: type: object x-kubernetes-map-type: atomic targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. + description: '`targetLimit` defines a limit on the number of scraped + targets that will be accepted.' format: int64 type: integer required: - - podMetricsEndpoints - selector type: object required: @@ -20934,8 +23950,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20971,18 +23987,29 @@ spec: description: Specification of desired Service selection for target discovery by Prometheus. properties: + attachMetadata: + description: "`attachMetadata` defines additional metadata which is + added to the discovered targets. \n It requires Prometheus >= v2.37.0." + properties: + node: + description: When set to true, Prometheus must have the `get` + permission on the `Nodes` objects. + type: boolean + type: object endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. + description: List of endpoints part of this ServiceMonitor. items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. + description: Endpoint defines an endpoint serving Prometheus metrics + to be scraped by Prometheus. properties: authorization: - description: Authorization section for this endpoint + description: "`authorization` configures the Authorization header + credentials to use when scraping the target. \n Cannot be + set at the same time as `basicAuth`, or `oauth2`." properties: credentials: - description: The secret's key that contains the credentials - of the request + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must @@ -21001,17 +24028,19 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error + description: "Defines the authentication type. The value + is case-insensitive. \n \"Basic\" is not a supported value. + \n Default: \"Bearer\"" type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + description: "`basicAuth` configures the Basic Authentication + credentials to use when scraping the target. \n Cannot be + set at the same time as `authorization`, or `oauth2`." properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. + description: '`password` specifies a key of a Secret containing + the password for authentication.' properties: key: description: The key of the secret to select from. Must @@ -21030,8 +24059,8 @@ spec: type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. + description: '`username` specifies a key of a Secret containing + the username for authentication.' properties: key: description: The key of the secret to select from. Must @@ -21051,12 +24080,15 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenFile: - description: File to read bearer token for scraping targets. + description: "File to read bearer token for scraping the target. + \n Deprecated: use `authorization` instead." type: string bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. + description: "`bearerTokenSecret` specifies a key of a Secret + containing the bearer token for scraping targets. The secret + needs to be in the same namespace as the ServiceMonitor object + and readable by the Prometheus Operator. \n Deprecated: use + `authorization` instead." properties: key: description: The key of the secret to select from. Must @@ -21075,39 +24107,47 @@ spec: type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. + description: '`enableHttp2` can be used to disable HTTP2 when + scraping the target.' + type: boolean + filterRunning: + description: "When true, the pods which are not running (e.g. + either in Failed or Succeeded state) are dropped during the + target discovery. \n If unset, the filtering is enabled. \n + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase" type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. + description: '`followRedirects` defines whether the scrape requests + should follow HTTP 3xx redirects.' type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. + description: When true, `honorLabels` preserves the metric's + labels when they collide with the target's labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. + description: '`honorTimestamps` controls whether Prometheus + preserves the timestamps when exposed by the target.' type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. + description: "Interval at which Prometheus scrapes the metrics + from the target. \n If empty, Prometheus uses the global scrape + interval." pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. + description: '`metricRelabelings` configures the relabeling + rules to apply to the samples before ingestion.' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -21127,30 +24167,35 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator is the string between concatenated + SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + Separator and matched against the configured regular + expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as @@ -21159,19 +24204,21 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. + description: "`oauth2` configures the OAuth2 settings to use + when scraping the target. \n It requires Prometheus >= 2.27.0. + \n Cannot be set at the same time as `authorization`, or `basicAuth`." properties: clientId: - description: The secret or configmap containing the OAuth2 - client id + description: '`clientId` specifies a key of a Secret or + ConfigMap containing the OAuth2 client''s ID.' properties: configMap: description: ConfigMap containing data to use for the @@ -21215,7 +24262,8 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret + description: '`clientSecret` specifies a key of a Secret + containing the OAuth2 client''s secret.' properties: key: description: The key of the secret to select from. Must @@ -21236,15 +24284,18 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL + description: '`endpointParams` configures the HTTP parameters + to append to the token URL.' type: object scopes: - description: OAuth2 scopes used for the token request + description: '`scopes` defines the OAuth2 scopes used for + the token request.' items: type: string type: array tokenUrl: - description: The URL to fetch the token from + description: '`tokenURL` configures the URL to fetch the + token from.' minLength: 1 type: string required: @@ -21257,37 +24308,38 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters + description: params define optional HTTP URL parameters. type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). + description: "HTTP path from which to scrape for metrics. \n + If empty, Prometheus uses the default value (e.g. `/metrics`)." type: string port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. + description: "Name of the Service port which this endpoint refers + to. \n It takes precedence over `targetPort`." type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. + description: '`proxyURL` configures the HTTP Proxy URL (e.g. + "http://proxyserver:2195") to go through when scraping the + target.' type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + description: "`relabelings` configures the relabeling rules + to apply the target's metadata labels. \n The Operator automatically + adds relabelings for a few standard Kubernetes fields. \n + The original scrape job's name is available via the `__tmp_prometheus_job_name` + label. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the + label set for targets, alerts, scraped samples and remote + write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. + \n `Uppercase` and `Lowercase` actions require Prometheus + >= v2.36.0. `DropEqual` and `KeepEqual` actions require + Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -21307,30 +24359,35 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. + description: "Modulus to take of the hash of the source + label values. \n Only applicable when the action is + `HashMod`." format: int64 type: integer regex: description: Regular expression against which the extracted - value is matched. Default is '(.*)' + value is matched. type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' + description: "Replacement value against which a Replace + action is performed if the regular expression matches. + \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. + description: Separator is the string between concatenated + SourceLabels. type: string sourceLabels: description: The source labels select values from existing labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. + Separator and matched against the configured regular + expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as @@ -21339,35 +24396,43 @@ spec: type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. + description: "Label to which the resulting string is written + in a replacement. \n It is mandatory for `Replace`, + `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and + `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. + description: "HTTP scheme to use for scraping. \n `http` and + `https` are the expected values unless you rewrite the `__scheme__` + label via relabeling. \n If empty, Prometheus uses the default + value `http`." + enum: + - http + - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape timeout is used unless - it is less than `Interval` in which the latter is used. + description: "Timeout after which Prometheus considers the scrape + to be failed. \n If empty, Prometheus uses the global scrape + timeout unless it is less than the target's scrape interval + value in which the latter is used." pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. + description: "Name or number of the target port of the `Pod` + object behind the Service, the port must be specified with + container port property. \n Deprecated: use `port` instead." x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint + description: TLS configuration to use when scraping the target. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -21415,8 +24480,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -21494,36 +24558,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + trackTimestampsStaleness: + description: "`trackTimestampsStaleness` defines whether Prometheus + tracks staleness of the metrics that have an explicit timestamp + present in scraped data. Has no effect if `honorTimestamps` + is false. \n It requires Prometheus >= v2.48.0." + type: boolean type: object type: array jobLabel: - description: "JobLabel selects the label from the associated Kubernetes - service which will be used as the `job` label for all metrics. \n - For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: - bar`, then the `job=\"bar\"` label is added to all metrics. \n If - the value of this field is empty or if the label doesn't exist for - the given Service, the `job` label of the metrics defaults to the - name of the Kubernetes Service." + description: "`jobLabel` selects the label from the associated Kubernetes + `Service` object which will be used as the `job` label for all metrics. + \n For example if `jobLabel` is set to `foo` and the Kubernetes + `Service` object is labeled with `foo: bar`, then Prometheus adds + the `job=\"bar\"` label to all ingested metrics. \n If the value + of this field is empty or if the label doesn't exist for the given + Service, the `job` label of the metrics defaults to the name of + the associated Kubernetes `Service`." type: string + keepDroppedTargets: + description: "Per-scrape limit on the number of targets dropped by + relabeling that will be kept in memory. 0 means no limit. \n It + requires Prometheus >= v2.47.0." + format: int64 + type: integer labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. + description: "Per-scrape limit on number of labels that will be accepted + for a sample. \n It requires Prometheus >= v2.27.0." format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. + description: "Per-scrape limit on length of labels name that will + be accepted for a sample. \n It requires Prometheus >= v2.27.0." format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. + description: "Per-scrape limit on length of labels value that will + be accepted for a sample. \n It requires Prometheus >= v2.27.0." format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Kubernetes Endpoints + description: Selector to select which namespaces the Kubernetes `Endpoints` objects are discovered from. properties: any: @@ -21537,18 +24612,18 @@ spec: type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes `Pod` - onto the created metrics. + description: '`podTargetLabels` defines the labels which are transferred + from the associated Kubernetes `Pod` object onto the ingested metrics.' items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. + description: '`sampleLimit` defines a per-scrape limit on the number + of scraped samples that will be accepted.' format: int64 type: integer selector: - description: Selector to select Endpoints objects. + description: Label selector to select the Kubernetes `Endpoints` objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -21593,18 +24668,18 @@ spec: type: object x-kubernetes-map-type: atomic targetLabels: - description: TargetLabels transfers labels from the Kubernetes `Service` - onto the created metrics. + description: '`targetLabels` defines the labels which are transferred + from the associated Kubernetes `Service` object onto the ingested + metrics.' items: type: string type: array targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. + description: '`targetLimit` defines a limit on the number of scraped + targets that will be accepted.' format: int64 type: integer required: - - endpoints - selector type: object required: @@ -21617,8 +24692,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.13.0 + operator.prometheus.io/version: 0.71.2 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21634,10 +24709,24 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: The version of Thanos Ruler + jsonPath: .spec.version + name: Version + type: string - description: The number of desired replicas jsonPath: .spec.replicas name: Replicas type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date @@ -21667,6 +24756,31 @@ spec: description: 'Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: + additionalArgs: + description: AdditionalArgs allows setting additional arguments for + the ThanosRuler container. It is intended for e.g. activating hidden + flags which are not supported by the dedicated configuration options + yet. The arguments are passed as-is to the ThanosRuler container + which may cause issues if they are invalid or not supported by the + given ThanosRuler version. In case of an argument conflict (e.g. + an argument which is already set by the operator itself) or when + providing an invalid argument the reconciliation will fail and an + error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: Argument value, e.g. 30s. Can be empty for name-only + arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array affinity: description: If specified, the pod's scheduling constraints. properties: @@ -22822,7 +25936,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -22918,7 +26034,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -22998,8 +26116,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -23031,7 +26147,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -23200,8 +26318,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -23233,7 +26349,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -23322,10 +26440,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -23346,10 +26506,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -23471,8 +26650,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -23505,16 +26684,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -23560,8 +26735,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -23593,7 +26766,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -23820,7 +26995,7 @@ spec: type: string name: description: Name of the referent. When not set, all resources - are matched. + in the namespace are matched. type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' @@ -23833,6 +27008,7 @@ spec: - servicemonitors - podmonitors - probes + - scrapeconfigs type: string required: - namespace @@ -23851,7 +27027,8 @@ spec: the ''--grpc-server-tls-*'' CLI args.' properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -23896,7 +27073,7 @@ spec: use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -23995,6 +27172,16 @@ spec: image: description: Thanos container image URL. type: string + imagePullPolicy: + description: Image pull policy for the 'thanos', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string imagePullSecrets: description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod @@ -24269,7 +27456,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -24365,7 +27554,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -24445,8 +27636,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -24478,7 +27667,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -24647,8 +27838,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -24680,7 +27869,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -24769,10 +27960,52 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -24793,10 +28026,29 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior of + individual containers in a pod. This field may only be set + for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod''s restart policy + and the container type. Setting the RestartPolicy as "Always" + for the init container will have the following effect: this + init container will be continually restarted on exit until + all regular containers have terminated. Once all regular containers + have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init + containers and is often referred to as a "sidecar" container. + Although this init container still starts in the init container + sequence, it does not wait for the container to complete before + proceeding to the next init container. Instead, the next init + container starts immediately after this init container is + started, or after any startupProbe has successfully completed.' + type: string securityContext: description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext @@ -24918,8 +28170,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". + seccomp profile location. Must be set if type is "Localhost". + Must NOT be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -24952,16 +28204,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also + be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -25007,8 +28255,6 @@ spec: type: integer grpc: description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. properties: port: description: Port number of the gRPC service. Number @@ -25040,7 +28286,9 @@ spec: to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. type: string value: description: The header field value @@ -25272,8 +28520,9 @@ spec: description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available - as soon as it is ready) This is an alpha field and requires enabling - StatefulSetMinReadySeconds feature gate. + as soon as it is ready) This is an alpha field from kubernetes 1.22 + until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate. format: int32 type: integer nodeSelector: @@ -25310,8 +28559,14 @@ spec: for deletion will be performed on the underlying objects. type: boolean podMetadata: - description: PodMetadata contains Labels and Annotations gets propagated - to the thanos ruler pods. + description: "PodMetadata configures labels and annotations which + are propagated to the ThanosRuler pods. \n The following items are + reserved and cannot be overridden: * \"app.kubernetes.io/name\" + label, set to \"thanos-ruler\". * \"app.kubernetes.io/managed-by\" + label, set to \"prometheus-operator\". * \"app.kubernetes.io/instance\" + label, set to the name of the ThanosRuler instance. * \"thanos-ruler\" + label, set to the name of the ThanosRuler instance. * \"kubectl.kubernetes.io/default-container\" + annotation, set to \"thanos-ruler\"." properties: annotations: additionalProperties: @@ -25338,8 +28593,9 @@ spec: type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to web + default: web + description: Port name used for the pods and governing service. Defaults + to `web`. type: string priorityClassName: description: Priority class assigned to the Pods @@ -25356,10 +28612,10 @@ spec: while enforcing namespace label for alerts and metrics. properties: ruleName: - description: RuleNamespace - name of excluded rule + description: Name of the excluded PrometheusRule object. type: string ruleNamespace: - description: RuleNamespace - namespace of excluded rule + description: Namespace of the excluded PrometheusRule object. type: string required: - ruleName @@ -25401,6 +28657,27 @@ spec: description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -25421,7 +28698,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object retention: @@ -25614,7 +28892,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -25628,9 +28907,14 @@ spec: type: object supplementalGroups: description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. Note - that this field cannot be set when spec.os.name is windows. + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. items: format: int64 type: integer @@ -25673,14 +28957,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -25699,13 +28980,12 @@ spec: description: Storage spec to specify how storage shall be used. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default - in a future release, this option will become unnecessary. DisableMountSubPath - allows to remove any subPath usage in volume mounts.' + description: 'Deprecated: subPath usage will be removed in a future + release.' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the Prometheus - StatefulSets. If specified, used in place of any volumeClaimTemplate. + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: @@ -25724,13 +29004,13 @@ spec: medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the Prometheus - StatefulSets. This is a beta field in k8s 1.21, for lower versions, + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: @@ -25778,9 +29058,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data - source. If the AnyVolumeDataSource feature gate - is enabled, this field will always have the same - contents as the DataSourceRef field.' + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -25805,27 +29088,33 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object - from a non-empty API group (non core object) or - a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed if - the type of the specified object matches some installed - volume populator or dynamic provisioner. This field - will replace the functionality of the DataSource - field and as such if both fields are non-empty, - they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will - be set to the same value automatically if one of - them is empty and the other is non-empty. There - are two important differences between DataSource - and DataSourceRef: * While DataSource only allows - two specific types of objects, DataSourceRef allows + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is - specified. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled.' + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -25842,11 +29131,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -25855,6 +29154,30 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -25876,8 +29199,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -25948,7 +29271,10 @@ spec: type: object type: object volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. + description: Defines the PVC spec to be used by the Prometheus + StatefulSets. The easiest way to use a volume that cannot be + automatically provisioned is to use a label selector alongside + manually created PersistentVolumes. properties: apiVersion: description: 'APIVersion defines the versioned schema of this @@ -25993,8 +29319,8 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics of - a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: description: 'accessModes contains the desired access @@ -26008,9 +29334,12 @@ spec: * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the - contents of the specified data source. If the AnyVolumeDataSource - feature gate is enabled, this field will always have - the same contents as the DataSourceRef field.' + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -26032,24 +29361,31 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any local object from - a non-empty API group (non core object) or a PersistentVolumeClaim + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource + This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, - both fields (DataSource and DataSourceRef) will be set - to the same value automatically if one of them is empty - and the other is non-empty. There are two important - differences between DataSource and DataSourceRef: * - While DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well as - PersistentVolumeClaim objects. * While DataSource ignores - disallowed values (dropping them), DataSourceRef preserves - all values, and generates an error if a disallowed value - is specified. (Beta) Using this field requires the AnyVolumeDataSource + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: @@ -26064,11 +29400,20 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -26077,6 +29422,30 @@ spec: must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -26098,7 +29467,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -26163,8 +29533,7 @@ spec: type: string type: object status: - description: 'Status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Deprecated: this field is never set.' properties: accessModes: description: 'accessModes contains the actual access modes @@ -26172,6 +29541,51 @@ spec: items: type: string type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore + that update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n ClaimResourceStatus can be + in any of following states: - ControllerResizeInProgress: + State set when resize controller starts resizing the + volume in control-plane. - ControllerResizeFailed: State + set when resize has failed in resize controller with + a terminal error. - NodeResizePending: State set when + resize controller has finished resizing the volume but + further resizing of volume is needed on the node. - + NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible + for resizing capacity of the volume, should ignore PVC + updates that change other valid resources associated + with PVC. \n This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular allocatedResources: additionalProperties: anyOf: @@ -26179,19 +29593,31 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. For - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for quota - calculation. If a volume expansion capacity request - is lowered, allocatedResources is only lowered if there - are no expansion operations in progress and if the actual - volume capacity is equal or lower than the requested - capacity. This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature. + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity. Key names + follow standard Kubernetes label syntax. Valid values + are either: * Un-prefixed keys: - storage - the capacity + of the volume. * Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\" + Apart from above values - keys that are unprefixed or + have kubernetes.io prefix are considered reserved and + hence may not be used. \n Capacity reported here may + be larger than the actual capacity when a volume expansion + operation is requested. For storage quota, the larger + value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower + than the requested capacity. \n A controller that receives + PVC update with previously unknown resourceName should + ignore the update for the purpose it was designed. For + example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." type: object capacity: additionalProperties: @@ -26208,7 +29634,7 @@ spec: volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: @@ -26246,13 +29672,6 @@ spec: phase: description: phase represents the current phase of PersistentVolumeClaim. type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string type: object type: object type: object @@ -26350,14 +29769,18 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated - for the incoming pod. Keys that don't exist in the incoming - pod labels will be ignored. A null or empty list means only - match against labelSelector. + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -26414,8 +29837,8 @@ spec: are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor - policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: description: "NodeTaintsPolicy indicates how we will treat node @@ -26424,8 +29847,8 @@ spec: for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a alpha-level feature enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that @@ -26489,6 +29912,51 @@ spec: file. When used alongside with TracingConfig, TracingConfigFile takes precedence. type: string + version: + description: Version of Thanos to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the ruler container, that are + generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array volumes: description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended @@ -26878,7 +30346,7 @@ spec: medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -26946,9 +30414,12 @@ spec: provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified - data source. If the AnyVolumeDataSource feature - gate is enabled, this field will always have the - same contents as the DataSourceRef field.' + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource @@ -26974,27 +30445,35 @@ spec: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any - local object from a non-empty API group (non core - object) or a PersistentVolumeClaim object. When - this field is specified, volume binding will only - succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. This field will replace the functionality of the - DataSource field and as such if both fields are + dataSource field and as such if both fields are non-empty, they must have the same value. For - backwards compatibility, both fields (DataSource - and DataSourceRef) will be set to the same value + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While - DataSource only allows two specific types of objects, - DataSourceRef allows any non-core object, as well - as PersistentVolumeClaim objects. * While DataSource - ignores disallowed values (dropping them), DataSourceRef - preserves all values, and generates an error if - a disallowed value is specified. (Beta) Using - this field requires the AnyVolumeDataSource feature - gate to be enabled.' + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -27011,11 +30490,21 @@ spec: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure @@ -27024,6 +30513,31 @@ spec: value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -27045,8 +30559,8 @@ spec: amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -28007,14 +31521,54 @@ spec: type: object status: description: 'Most recent observed status of the ThanosRuler cluster. - Read-only. Not included when requesting from the apiserver, only from - the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. format: int32 type: integer + conditions: + description: The current state of the Alertmanager object. + items: + description: Condition represents the state of the resources associated + with the Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: Human-readable message indicating details for the + condition's last transition. + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if `.metadata.generation` + is currently 12, but the `.status.conditions[].observedGeneration` + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition being reported. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map paused: description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. @@ -28046,5 +31600,6 @@ spec: type: object served: true storage: true - subresources: {} + subresources: + status: {} {{ end }} diff --git a/third_party/kube-prometheus-stack/kube-prometheus-stack-41.5.1.tgz b/third_party/kube-prometheus-stack/kube-prometheus-stack-41.5.1.tgz deleted file mode 100644 index ccf3649b1..000000000 Binary files a/third_party/kube-prometheus-stack/kube-prometheus-stack-41.5.1.tgz and /dev/null differ diff --git a/third_party/kube-prometheus-stack/kube-prometheus-stack-56.6.2.tgz b/third_party/kube-prometheus-stack/kube-prometheus-stack-56.6.2.tgz new file mode 100644 index 000000000..ad1431c99 Binary files /dev/null and b/third_party/kube-prometheus-stack/kube-prometheus-stack-56.6.2.tgz differ diff --git a/third_party/kube-prometheus-stack/update_crd.sh b/third_party/kube-prometheus-stack/update_crd.sh index f92ed6cb5..07e1202ae 100755 --- a/third_party/kube-prometheus-stack/update_crd.sh +++ b/third_party/kube-prometheus-stack/update_crd.sh @@ -2,7 +2,7 @@ # match the version to the app version in this command: # helm search repo prometheus-community/kube-prometheus-stack --version='x.y.z' -VERSION=0.60 +VERSION=0.71 # https://github.com/prometheus-operator/prometheus-operator/tree/main/example/prometheus-operator-crd # TODO(ensonic): can we tak this directly from the chart? BASEURL="https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-${VERSION}/example/prometheus-operator-crd/monitoring.coreos.com"