From 881674e496b05b61100949823866f66a52c45339 Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Fri, 29 Aug 2025 10:33:12 +0200 Subject: [PATCH] Add metric server API Signed-off-by: Mario Fernandez --- .../ClusterMonitoringConfig.yaml | 143 +++++++ config/v1alpha1/types_cluster_monitoring.go | 150 ++++++- ...clustermonitoring-CustomNoUpgrade.crd.yaml | 388 ++++++++++++++++++ ...termonitoring-DevPreviewNoUpgrade.crd.yaml | 388 ++++++++++++++++++ ...ermonitoring-TechPreviewNoUpgrade.crd.yaml | 388 ++++++++++++++++++ config/v1alpha1/zz_generated.deepcopy.go | 80 +++- .../ClusterMonitoringConfig.yaml | 388 ++++++++++++++++++ .../zz_generated.swagger_doc_generated.go | 30 +- .../generated_openapi/zz_generated.openapi.go | 147 ++++++- openapi/openapi.json | 87 +++- ...clustermonitoring-CustomNoUpgrade.crd.yaml | 388 ++++++++++++++++++ ...termonitoring-DevPreviewNoUpgrade.crd.yaml | 388 ++++++++++++++++++ ...ermonitoring-TechPreviewNoUpgrade.crd.yaml | 388 ++++++++++++++++++ 13 files changed, 3319 insertions(+), 34 deletions(-) diff --git a/config/v1alpha1/tests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml index 3a848d20dcd..f6cd7f3f59d 100644 --- a/config/v1alpha1/tests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml @@ -208,3 +208,146 @@ tests: request: "500m" limit: "200m" expectedError: 'spec.alertmanagerConfig.customConfig.resources[0]: Invalid value: "object": limit must be greater than or equal to request' + - name: Should be able to create a minimal MetricsServerConfig + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + metricsServerConfig: + verbosity: Info + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + metricsServerConfig: + verbosity: Info + - name: Should accept MetricsServerConfig with comprehensive ContainerResource array + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + request: "100m" + limit: "500m" + - name: "memory" + request: "128Mi" + limit: "512Mi" + - name: "ephemeral-storage" + request: "1Gi" + limit: "2Gi" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + request: "100m" + limit: "500m" + - name: "memory" + request: "128Mi" + limit: "512Mi" + - name: "ephemeral-storage" + request: "1Gi" + limit: "2Gi" + - name: Should accept MetricsServerConfig with only requests + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + request: "200m" + - name: "memory" + request: "256Mi" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + request: "200m" + - name: "memory" + request: "256Mi" + - name: Should accept MetricsServerConfig with only limits + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + limit: "1" + - name: "memory" + limit: "1Gi" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + limit: "1" + - name: "memory" + limit: "1Gi" + - name: Should reject MetricsServerConfig with limit less than request + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + request: "500m" + limit: "200m" + expectedError: 'spec.metricsServerConfig.resources[0]: Invalid value: "object": limit must be greater than or equal to request' + - name: Should reject MetricsServerConfig with more than 10 resource items + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + metricsServerConfig: + resources: + - name: "cpu" + request: "100m" + - name: "memory" + request: "64Mi" + - name: "hugepages-2Mi" + request: "32Mi" + - name: "hugepages-1Gi" + request: "1Gi" + - name: "ephemeral-storage" + request: "1Gi" + - name: "nvidia.com/gpu" + request: "1" + - name: "example.com/foo" + request: "1" + - name: "example.com/bar" + request: "1" + - name: "example.com/baz" + request: "1" + - name: "example.com/qux" + request: "1" + - name: "example.com/quux" + request: "1" + expectedError: 'spec.metricsServerConfig.resources: Too many: 11: must have at most 10 items' diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index c048c64ef18..f6d4cd3420b 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -81,14 +81,19 @@ type ClusterMonitoringSpec struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // The current default value is `Disabled`. // +optional - UserDefined *UserDefinedMonitoring `json:"userDefined,omitempty"` + UserDefined UserDefinedMonitoring `json:"userDefined,omitempty,omitzero"` // alertmanagerConfig allows users to configure how the default Alertmanager instance // should be deployed in the `openshift-monitoring` namespace. // alertmanagerConfig is optional. // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. // The current default value is `DefaultConfig`. // +optional - AlertmanagerConfig *AlertmanagerConfig `json:"alertmanagerConfig,omitempty"` + AlertmanagerConfig AlertmanagerConfig `json:"alertmanagerConfig,omitempty,omitzero"` + // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + MetricsServerConfig MetricsServerConfig `json:"metricsServerConfig,omitempty,omitzero"` } // UserDefinedMonitoring config for user-defined projects. @@ -128,12 +133,12 @@ type AlertmanagerConfig struct { // // +unionDiscriminator // +required - DeploymentMode AlertManagerDeployMode `json:"deploymentMode"` + DeploymentMode AlertManagerDeployMode `json:"deploymentMode,omitempty"` // customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. // When set to CustomConfig, the Alertmanager will be deployed with custom configuration. // +optional - CustomConfig *AlertmanagerCustomConfig `json:"customConfig,omitempty"` + CustomConfig AlertmanagerCustomConfig `json:"customConfig,omitempty,omitzero"` } // AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. @@ -153,7 +158,7 @@ type AlertmanagerCustomConfig struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. // The current default value is `Info`. // +optional - LogLevel LogLevel `json:"logLevel"` + LogLevel LogLevel `json:"logLevel,omitempty"` // nodeSelector defines the nodes on which the Pods are scheduled // nodeSelector is optional. // @@ -291,9 +296,10 @@ type ContainerResource struct { // This field is required. // name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. // +required + // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 // +kubebuilder:validation:XValidation:rule="!format.qualifiedName().validate(self).hasValue()",message="name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character" - Name string `json:"name"` + Name string `json:"name,omitempty"` // request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). // This field is optional. @@ -322,3 +328,135 @@ type ContainerResource struct { // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." // +kubebuilder:validation:MaxLength=63 type SecretName string + +// MetricsServerConfig provides configuration options for the Metrics Server instance +// that runs in the `openshift-monitoring` namespace. Use this configuration to control +// how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled. +// +kubebuilder:validation:MinProperties=1 +type MetricsServerConfig struct { + // audit defines the audit configuration used by the Metrics Server instance. + // audit is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + //The current default sets audit.profile to Metadata + // +optional + Audit Audit `json:"audit,omitempty,omitzero"` + // nodeSelector defines the nodes on which the Pods are scheduled + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // verbosity defines the verbosity of log messages for Metrics Server. + // Valid values are Errors, Info, Trace, TraceAll and omitted. + // When set to Errors, only critical messages and errors are logged. + // When set to Info, only basic information messages are logged. + // When set to Trace, information useful for general debugging is logged. + // When set to TraceAll, detailed information about metric scraping is logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Errors` + // +optional + Verbosity VerbosityLevel `json:"verbosity,omitempty,omitzero"` + // resources defines the compute resource requests and limits for the Metrics Server container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// AuditProfile defines the audit log level for the Metrics Server. +// +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse +type AuditProfile string + +const ( + // AuditProfileNone disables audit logging + AuditProfileNone AuditProfile = "None" + // AuditProfileMetadata logs request metadata (requesting user, timestamp, resource, verb, etc.) but not request or response body + AuditProfileMetadata AuditProfile = "Metadata" + // AuditProfileRequest logs event metadata and request body but not response body + AuditProfileRequest AuditProfile = "Request" + // AuditProfileRequestResponse logs event metadata, request and response bodies + AuditProfileRequestResponse AuditProfile = "RequestResponse" +) + +// VerbosityLevel defines the verbosity of log messages for Metrics Server. +// +kubebuilder:validation:Enum=Errors;Info;Trace;TraceAll +type VerbosityLevel string + +const ( + // VerbosityLevelErrors means only critical messages and errors are logged. + VerbosityLevelErrors VerbosityLevel = "Errors" + // VerbosityLevelInfo means basic informational messages are logged. + VerbosityLevelInfo VerbosityLevel = "Info" + // VerbosityLevelTrace means extended information useful for general debugging is logged. + VerbosityLevelTrace VerbosityLevel = "Trace" + // VerbosityLevelTraceAll means detailed information about metric scraping operations is logged. + VerbosityLevelTraceAll VerbosityLevel = "TraceAll" +) + +// Audit profile configurations +type Audit struct { + // profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + // Allowed values are None, Metadata, Request, or RequestResponse. + // When set to None, audit logging is disabled and no audit events are recorded. + // When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + // When set to Request, event metadata and the request body are logged, but not the response body. + // When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + // + // See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + // for more information about auditing and log levels. + // +required + Profile AuditProfile `json:"profile,omitempty"` +} diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml index 267d0afb1a2..cdc019885b4 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml @@ -138,6 +138,7 @@ spec: This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. maxLength: 253 + minLength: 1 type: string x-kubernetes-validations: - message: name must consist only of alphanumeric characters, @@ -900,6 +901,393 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + metricsServerConfig: + description: |- + metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + audit: + description: |- + audit defines the audit configuration used by the Metrics Server instance. + audit is optional. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default sets audit.profile to Metadata + properties: + profile: + description: |- + profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + Allowed values are None, Metadata, Request, or RequestResponse. + When set to None, audit logging is disabled and no audit events are recorded. + When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + When set to Request, event metadata and the request body are logged, but not the response body. + When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + + See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + for more information about auditing and log levels. + enum: + - None + - Metadata + - Request + - RequestResponse + type: string + required: + - profile + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the Metrics Server container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + limit: null + - name: memory + request: 40Mi + limit: null + Maximum length for this list is 10. + Minimum length for this list is 1. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + verbosity: + description: |- + verbosity defines the verbosity of log messages for Metrics Server. + Valid values are Errors, Info, Trace, TraceAll and omitted. + When set to Errors, only critical messages and errors are logged. + When set to Info, only basic information messages are logged. + When set to Trace, information useful for general debugging is logged. + When set to TraceAll, detailed information about metric scraping is logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Errors` + enum: + - Errors + - Info + - Trace + - TraceAll + type: string + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml index cc80c5fb6c4..f79bea45d55 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml @@ -138,6 +138,7 @@ spec: This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. maxLength: 253 + minLength: 1 type: string x-kubernetes-validations: - message: name must consist only of alphanumeric characters, @@ -900,6 +901,393 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + metricsServerConfig: + description: |- + metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + audit: + description: |- + audit defines the audit configuration used by the Metrics Server instance. + audit is optional. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default sets audit.profile to Metadata + properties: + profile: + description: |- + profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + Allowed values are None, Metadata, Request, or RequestResponse. + When set to None, audit logging is disabled and no audit events are recorded. + When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + When set to Request, event metadata and the request body are logged, but not the response body. + When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + + See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + for more information about auditing and log levels. + enum: + - None + - Metadata + - Request + - RequestResponse + type: string + required: + - profile + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the Metrics Server container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + limit: null + - name: memory + request: 40Mi + limit: null + Maximum length for this list is 10. + Minimum length for this list is 1. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + verbosity: + description: |- + verbosity defines the verbosity of log messages for Metrics Server. + Valid values are Errors, Info, Trace, TraceAll and omitted. + When set to Errors, only critical messages and errors are logged. + When set to Info, only basic information messages are logged. + When set to Trace, information useful for general debugging is logged. + When set to TraceAll, detailed information about metric scraping is logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Errors` + enum: + - Errors + - Info + - Trace + - TraceAll + type: string + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml index d6029a85f69..44c1184e1a3 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml @@ -138,6 +138,7 @@ spec: This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. maxLength: 253 + minLength: 1 type: string x-kubernetes-validations: - message: name must consist only of alphanumeric characters, @@ -900,6 +901,393 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + metricsServerConfig: + description: |- + metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + audit: + description: |- + audit defines the audit configuration used by the Metrics Server instance. + audit is optional. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default sets audit.profile to Metadata + properties: + profile: + description: |- + profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + Allowed values are None, Metadata, Request, or RequestResponse. + When set to None, audit logging is disabled and no audit events are recorded. + When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + When set to Request, event metadata and the request body are logged, but not the response body. + When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + + See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + for more information about auditing and log levels. + enum: + - None + - Metadata + - Request + - RequestResponse + type: string + required: + - profile + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the Metrics Server container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + limit: null + - name: memory + request: 40Mi + limit: null + Maximum length for this list is 10. + Minimum length for this list is 1. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + verbosity: + description: |- + verbosity defines the verbosity of log messages for Metrics Server. + Valid values are Errors, Info, Trace, TraceAll and omitted. + When set to Errors, only critical messages and errors are logged. + When set to Info, only basic information messages are logged. + When set to Trace, information useful for general debugging is logged. + When set to TraceAll, detailed information about metric scraping is logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Errors` + enum: + - Errors + - Info + - Trace + - TraceAll + type: string + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index 144b173f6bb..6549f6cbe43 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -14,11 +14,7 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { *out = *in - if in.CustomConfig != nil { - in, out := &in.CustomConfig, &out.CustomConfig - *out = new(AlertmanagerCustomConfig) - (*in).DeepCopyInto(*out) - } + in.CustomConfig.DeepCopyInto(&out.CustomConfig) return } @@ -86,6 +82,22 @@ func (in *AlertmanagerCustomConfig) DeepCopy() *AlertmanagerCustomConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Audit) DeepCopyInto(out *Audit) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Audit. +func (in *Audit) DeepCopy() *Audit { + if in == nil { + return nil + } + out := new(Audit) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -350,16 +362,9 @@ func (in *ClusterMonitoringList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in - if in.UserDefined != nil { - in, out := &in.UserDefined, &out.UserDefined - *out = new(UserDefinedMonitoring) - **out = **in - } - if in.AlertmanagerConfig != nil { - in, out := &in.AlertmanagerConfig, &out.AlertmanagerConfig - *out = new(AlertmanagerConfig) - (*in).DeepCopyInto(*out) - } + out.UserDefined = in.UserDefined + in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) + in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) return } @@ -677,6 +682,51 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { + *out = *in + out.Audit = in.Audit + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsServerConfig. +func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { + if in == nil { + return nil + } + out := new(MetricsServerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PKI) DeepCopyInto(out *PKI) { *out = *in diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml index 23edfb77ab9..044d64ae4b6 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitoring.config.openshift.io/ClusterMonitoringConfig.yaml @@ -138,6 +138,7 @@ spec: This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. maxLength: 253 + minLength: 1 type: string x-kubernetes-validations: - message: name must consist only of alphanumeric characters, @@ -900,6 +901,393 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + metricsServerConfig: + description: |- + metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + audit: + description: |- + audit defines the audit configuration used by the Metrics Server instance. + audit is optional. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default sets audit.profile to Metadata + properties: + profile: + description: |- + profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + Allowed values are None, Metadata, Request, or RequestResponse. + When set to None, audit logging is disabled and no audit events are recorded. + When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + When set to Request, event metadata and the request body are logged, but not the response body. + When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + + See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + for more information about auditing and log levels. + enum: + - None + - Metadata + - Request + - RequestResponse + type: string + required: + - profile + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the Metrics Server container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + limit: null + - name: memory + request: 40Mi + limit: null + Maximum length for this list is 10. + Minimum length for this list is 1. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + verbosity: + description: |- + verbosity defines the verbosity of log messages for Metrics Server. + Valid values are Errors, Info, Trace, TraceAll and omitted. + When set to Errors, only critical messages and errors are logged. + When set to Info, only basic information messages are logged. + When set to Trace, information useful for general debugging is logged. + When set to TraceAll, detailed information about metric scraping is logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Errors` + enum: + - Errors + - Info + - Trace + - TraceAll + type: string + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index b6ff150fcb5..6ba6ad11f44 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -143,6 +143,15 @@ func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { return map_AlertmanagerCustomConfig } +var map_Audit = map[string]string{ + "": "Audit profile configurations", + "profile": "profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. Allowed values are None, Metadata, Request, or RequestResponse. When set to None, audit logging is disabled and no audit events are recorded. When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. When set to Request, event metadata and the request body are logged, but not the response body. When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information.\n\nSee: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy for more information about auditing and log levels.", +} + +func (Audit) SwaggerDoc() map[string]string { + return map_Audit +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", @@ -165,9 +174,10 @@ func (ClusterMonitoringList) SwaggerDoc() map[string]string { } var map_ClusterMonitoringSpec = map[string]string{ - "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", - "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", - "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", + "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { @@ -193,6 +203,20 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_MetricsServerConfig = map[string]string{ + "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "verbosity": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + "resources": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", +} + +func (MetricsServerConfig) SwaggerDoc() map[string]string { + return map_MetricsServerConfig +} + var map_UserDefinedMonitoring = map[string]string{ "": "UserDefinedMonitoring config for user-defined projects.", "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 238d7bf4c02..8b9dfcec127 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -424,6 +424,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), + "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), @@ -448,6 +449,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), "github.com/openshift/api/config/v1alpha1.PKI": schema_openshift_api_config_v1alpha1_PKI(ref), "github.com/openshift/api/config/v1alpha1.PKICertificateSubject": schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref), "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), @@ -21196,7 +21198,6 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.Referenc "deploymentMode": { SchemaProps: spec.SchemaProps{ Description: "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - Default: "", Type: []string{"string"}, Format: "", }, @@ -21204,6 +21205,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.Referenc "customConfig": { SchemaProps: spec.SchemaProps{ Description: "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig"), }, }, @@ -21226,7 +21228,6 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re "logLevel": { SchemaProps: spec.SchemaProps{ Description: "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", - Default: "", Type: []string{"string"}, Format: "", }, @@ -21345,6 +21346,27 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re } } +func schema_openshift_api_config_v1alpha1_Audit(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Audit profile configurations", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. Allowed values are None, Metadata, Request, or RequestResponse. When set to None, audit logging is disabled and no audit events are recorded. When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. When set to Request, event metadata and the request body are logged, but not the response body. When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information.\n\nSee: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy for more information about auditing and log levels.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"profile"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -21769,20 +21791,29 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer "userDefined": { SchemaProps: spec.SchemaProps{ Description: "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"), }, }, "alertmanagerConfig": { SchemaProps: spec.SchemaProps{ Description: "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerConfig"), }, }, + "metricsServerConfig": { + SchemaProps: spec.SchemaProps{ + Description: "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.MetricsServerConfig"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, } } @@ -21807,7 +21838,6 @@ func schema_openshift_api_config_v1alpha1_ContainerResource(ref common.Reference "name": { SchemaProps: spec.SchemaProps{ Description: "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", - Default: "", Type: []string{"string"}, Format: "", }, @@ -22271,6 +22301,115 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.Re } } +func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "audit": { + SchemaProps: spec.SchemaProps{ + Description: "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Audit"), + }, + }, + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.Toleration"), + }, + }, + }, + }, + }, + "verbosity": { + SchemaProps: spec.SchemaProps{ + Description: "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + Type: []string{"string"}, + Format: "", + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.Audit", "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, + } +} + func schema_openshift_api_config_v1alpha1_PKI(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 96070b5d2d0..d29a256fb4a 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -11538,12 +11538,12 @@ "properties": { "customConfig": { "description": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig" }, "deploymentMode": { "description": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - "type": "string", - "default": "" + "type": "string" } } }, @@ -11553,8 +11553,7 @@ "properties": { "logLevel": { "description": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", - "type": "string", - "default": "" + "type": "string" }, "nodeSelector": { "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", @@ -11613,6 +11612,19 @@ } } }, + "com.github.openshift.api.config.v1alpha1.Audit": { + "description": "Audit profile configurations", + "type": "object", + "required": [ + "profile" + ], + "properties": { + "profile": { + "description": "profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. Allowed values are None, Metadata, Request, or RequestResponse. When set to None, audit logging is disabled and no audit events are recorded. When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. When set to Request, event metadata and the request body are logged, but not the response body. When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information.\n\nSee: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy for more information about auditing and log levels.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.Backup": { "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -11859,10 +11871,17 @@ "properties": { "alertmanagerConfig": { "description": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerConfig" }, + "metricsServerConfig": { + "description": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetricsServerConfig" + }, "userDefined": { "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring" } } @@ -11884,8 +11903,7 @@ }, "name": { "description": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", - "type": "string", - "default": "" + "type": "string" }, "request": { "description": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", @@ -12145,6 +12163,63 @@ "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { "type": "object" }, + "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { + "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + "type": "object", + "properties": { + "audit": { + "description": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Audit" + }, + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "verbosity": { + "description": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.PKI": { "description": "PKI defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", "type": "object", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml index 267d0afb1a2..cdc019885b4 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-CustomNoUpgrade.crd.yaml @@ -138,6 +138,7 @@ spec: This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. maxLength: 253 + minLength: 1 type: string x-kubernetes-validations: - message: name must consist only of alphanumeric characters, @@ -900,6 +901,393 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + metricsServerConfig: + description: |- + metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + audit: + description: |- + audit defines the audit configuration used by the Metrics Server instance. + audit is optional. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default sets audit.profile to Metadata + properties: + profile: + description: |- + profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + Allowed values are None, Metadata, Request, or RequestResponse. + When set to None, audit logging is disabled and no audit events are recorded. + When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + When set to Request, event metadata and the request body are logged, but not the response body. + When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + + See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + for more information about auditing and log levels. + enum: + - None + - Metadata + - Request + - RequestResponse + type: string + required: + - profile + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the Metrics Server container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + limit: null + - name: memory + request: 40Mi + limit: null + Maximum length for this list is 10. + Minimum length for this list is 1. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + verbosity: + description: |- + verbosity defines the verbosity of log messages for Metrics Server. + Valid values are Errors, Info, Trace, TraceAll and omitted. + When set to Errors, only critical messages and errors are logged. + When set to Info, only basic information messages are logged. + When set to Trace, information useful for general debugging is logged. + When set to TraceAll, detailed information about metric scraping is logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Errors` + enum: + - Errors + - Info + - Trace + - TraceAll + type: string + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml index cc80c5fb6c4..f79bea45d55 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-DevPreviewNoUpgrade.crd.yaml @@ -138,6 +138,7 @@ spec: This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. maxLength: 253 + minLength: 1 type: string x-kubernetes-validations: - message: name must consist only of alphanumeric characters, @@ -900,6 +901,393 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + metricsServerConfig: + description: |- + metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + audit: + description: |- + audit defines the audit configuration used by the Metrics Server instance. + audit is optional. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default sets audit.profile to Metadata + properties: + profile: + description: |- + profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + Allowed values are None, Metadata, Request, or RequestResponse. + When set to None, audit logging is disabled and no audit events are recorded. + When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + When set to Request, event metadata and the request body are logged, but not the response body. + When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + + See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + for more information about auditing and log levels. + enum: + - None + - Metadata + - Request + - RequestResponse + type: string + required: + - profile + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the Metrics Server container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + limit: null + - name: memory + request: 40Mi + limit: null + Maximum length for this list is 10. + Minimum length for this list is 1. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + verbosity: + description: |- + verbosity defines the verbosity of log messages for Metrics Server. + Valid values are Errors, Info, Trace, TraceAll and omitted. + When set to Errors, only critical messages and errors are logged. + When set to Info, only basic information messages are logged. + When set to Trace, information useful for general debugging is logged. + When set to TraceAll, detailed information about metric scraping is logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Errors` + enum: + - Errors + - Info + - Trace + - TraceAll + type: string + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml index d6029a85f69..44c1184e1a3 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitoring-TechPreviewNoUpgrade.crd.yaml @@ -138,6 +138,7 @@ spec: This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. maxLength: 253 + minLength: 1 type: string x-kubernetes-validations: - message: name must consist only of alphanumeric characters, @@ -900,6 +901,393 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + metricsServerConfig: + description: |- + metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. + Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + audit: + description: |- + audit defines the audit configuration used by the Metrics Server instance. + audit is optional. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default sets audit.profile to Metadata + properties: + profile: + description: |- + profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. + Allowed values are None, Metadata, Request, or RequestResponse. + When set to None, audit logging is disabled and no audit events are recorded. + When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. + When set to Request, event metadata and the request body are logged, but not the response body. + When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information. + + See: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy + for more information about auditing and log levels. + enum: + - None + - Metadata + - Request + - RequestResponse + type: string + required: + - profile + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the Metrics Server container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + limit: null + - name: memory + request: 40Mi + limit: null + Maximum length for this list is 10. + Minimum length for this list is 1. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + verbosity: + description: |- + verbosity defines the verbosity of log messages for Metrics Server. + Valid values are Errors, Info, Trace, TraceAll and omitted. + When set to Errors, only critical messages and errors are logged. + When set to Info, only basic information messages are logged. + When set to Trace, information useful for general debugging is logged. + When set to TraceAll, detailed information about metric scraping is logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Errors` + enum: + - Errors + - Info + - Trace + - TraceAll + type: string + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring.