From 2f91e7f88729c2379252cb04bd44a1123ce507fc Mon Sep 17 00:00:00 2001
From: Mario Fernandez
Date: Mon, 9 Mar 2026 16:09:08 +0100
Subject: [PATCH] Add prometheusConfig API
---
config/v1alpha1/types_cluster_monitoring.go | 1174 +++++++-
...ig-operator_01_clustermonitorings.crd.yaml | 2379 ++++++++++++++++-
config/v1alpha1/zz_generated.deepcopy.go | 555 ++++
.../ClusterMonitoringConfig.yaml | 2379 ++++++++++++++++-
.../zz_generated.swagger_doc_generated.go | 310 ++-
.../generated_openapi/zz_generated.openapi.go | 1524 ++++++++++-
openapi/openapi.json | 882 +++++-
...ig-operator_01_clustermonitorings.crd.yaml | 2379 ++++++++++++++++-
8 files changed, 11371 insertions(+), 211 deletions(-)
diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go
index 5888b1f36ae..48ca1aed8a9 100644
--- a/config/v1alpha1/types_cluster_monitoring.go
+++ b/config/v1alpha1/types_cluster_monitoring.go
@@ -89,6 +89,19 @@ type ClusterMonitoringSpec struct {
 // The current default value is `DefaultConfig`.
 // +optional
 AlertmanagerConfig AlertmanagerConfig `json:"alertmanagerConfig,omitempty,omitzero"`
+ // prometheusConfig provides configuration options for the default platform Prometheus instance
+ // that runs in the `openshift-monitoring` namespace. This configuration applies only to the
+ // platform Prometheus instance; user-workload Prometheus instances are configured separately.
+ //
+ // This field allows you to customize how the platform Prometheus is deployed and operated, including:
+ // - Pod scheduling (node selectors, tolerations, topology spread constraints)
+ // - Resource allocation (CPU, memory requests/limits)
+ // - Retention policies (how long metrics are stored)
+ // - External integrations (remote write, additional alertmanagers)
+ //
+ // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.
+ // +optional
+ PrometheusConfig PrometheusConfig `json:"prometheusConfig,omitempty,omitzero"`
 // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace.
 // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity.
 // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
@@ -115,6 +128,79 @@ type ClusterMonitoringSpec struct { OpenShiftStateMetricsConfig OpenShiftStateMetricsConfig `json:"openShiftStateMetricsConfig,omitempty,omitzero"` } +// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent +// that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates +// metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. +// +kubebuilder:validation:MinProperties=1 +type OpenShiftStateMetricsConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the openshift-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 32Mi + // limit: null + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. 
+ // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + // UserDefinedMonitoring config for user-defined projects. type UserDefinedMonitoring struct { // mode defines the different configurations of UserDefinedMonitoring 
@@ -264,14 +350,12 @@ type AlertmanagerCustomConfig struct { // +listMapKey=whenUnsatisfiable // +optional TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. // If omitted, the Pod uses ephemeral storage and alert data will not persist // across restarts. - // This field is optional. // +optional - VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` } // AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. @@ -292,19 +376,19 @@ const ( AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" ) -// logLevel defines the verbosity of logs emitted by Alertmanager. +// LogLevel defines the verbosity of logs emitted by Alertmanager. // Valid values are Error, Warn, Info and Debug. // +kubebuilder:validation:Enum=Error;Warn;Info;Debug type LogLevel string const ( - // Error only errors will be logged. + // LogLevelError only errors will be logged. LogLevelError LogLevel = "Error" - // Warn, both warnings and errors will be logged. + // LogLevelWarn, both warnings and errors will be logged. LogLevelWarn LogLevel = "Warn" - // Info, general information, warnings, and errors will all be logged. + // LogLevelInfo, general information, warnings, and errors will all be logged. LogLevelInfo LogLevel = "Info" - // Debug, detailed debugging information will be logged. + // LogLevelDebug, detailed debugging information will be logged. LogLevelDebug LogLevel = "Debug" ) 
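Review bot: The renamed doc comment in the second hunk, `// LogLevel defines the verbosity of logs emitted by Alertmanager.`, still names only Alertmanager, although this commit also uses the type for the new `LogLevel LogLevel` field of `PrometheusConfig` in a later hunk of the same file. Suggest `// LogLevel defines the verbosity of logs emitted by a monitoring component.` so the generated CRD and swagger descriptions do not mislead readers of the Prometheus field. The constant comments also read awkwardly after the rename (`// LogLevelWarn, both warnings and errors will be logged.`); the usual Go doc form would be `// LogLevelWarn logs both warnings and errors.`, and likewise for the other three.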
@@ -328,7 +412,7 @@ type ContainerResource struct { // +kubebuilder:validation:XIntOrString // +kubebuilder:validation:MaxLength=20 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" Request resource.Quantity `json:"request,omitempty"` // limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). @@ -339,7 +423,7 @@ type ContainerResource struct { // +kubebuilder:validation:XIntOrString // +kubebuilder:validation:MaxLength=20 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" Limit resource.Quantity `json:"limit,omitempty"` } 
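Review bot: Dropping the `isQuantity(self) &&` guard from the `request` rule (and from the identical `limit` rule in the next hunk) leaves `quantity(self)` as the first call on the raw value, and that conversion raises an evaluation error on a string that is not a valid quantity instead of yielding false. The object should still be rejected, but unless the generated schema pattern already filters such strings, the user gets a CEL evaluation error rather than the `must be a positive, non-zero quantity` message. If the guard was removed to satisfy a cost or lint constraint, a one-line comment saying so would help the next reviewer; otherwise keep `rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))"`. The ContainerResource struct starts and ends outside both hunks.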
@@ -572,59 +656,143 @@ type PrometheusOperatorAdmissionWebhookConfig struct { TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } -// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent -// that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates -// metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. // +kubebuilder:validation:MinProperties=1 -type OpenShiftStateMetricsConfig struct { +type PrometheusConfig struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfig `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. 
+ // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 10240 (10kB). + // Maximum value is 1073741824 (1GB). + // +kubebuilder:validation:Minimum=10240 + // +kubebuilder:validation:Maximum=1073741824 + // +optional + EnforcedBodySizeLimitBytes int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=map + // +listMapKey=key + ExternalLabels []Label `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. 
+ // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` // nodeSelector defines the nodes on which the Pods are scheduled. // nodeSelector is optional. // // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. // The current default value is `kubernetes.io/os: linux`. - // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + // and must not contain more than 10 entries. // +optional // +kubebuilder:validation:MinProperties=1 // +kubebuilder:validation:MaxProperties=10 NodeSelector map[string]string `json:"nodeSelector,omitempty"` - // resources defines the compute resource requests and limits for the openshift-state-metrics container. + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + // Must contain only alphanumeric characters, '.', '_', '-', or '/'. + // Must be between 1 and 255 characters in length. 
+ // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._/-]+$')",message="must contain only alphanumeric characters, '.', '_', '-', or '/'" + // +kubebuilder:validation:XValidation:rule="self.startsWith('/') || !self.contains('/')",message="must be an absolute path starting with '/' or a simple filename without '/'" + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/dev/') || self in ['/dev/stdout', '/dev/stderr', '/dev/null']",message="only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths" + // +kubebuilder:validation:XValidation:rule="!self.contains('//') && !self.endsWith('/') && !self.contains('..')",message="must not contain '//', end with '/', or contain '..'" + QueryLogFile string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + // +optional + RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. // When not specified, defaults are used by the platform. Requests cannot exceed limits. - // This field is optional. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // This is a simplified API that maps to Kubernetes ResourceRequirements. 
+ // Each entry must have a unique resource name. + // Minimum of 1 and maximum of 10 resource entries can be specified. // The current default values are: // resources: // - name: cpu - // request: 1m - // limit: null + // request: 4m // - name: memory - // request: 32Mi - // limit: null - // Maximum length for this list is 10. - // Minimum length for this list is 1. - // Each resource name must be unique within this list. + // request: 40Mi // +optional // +listType=map // +listMapKey=name // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 Resources []ContainerResource `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + // +optional + Retention Retention `json:"retention,omitempty,omitzero"` // tolerations defines tolerations for the pods. // tolerations is optional. // // When omitted, this means the user has no opinion and the platform is left // to choose reasonable defaults. These defaults are subject to change over time. // Defaults are empty/unset. - // Maximum length for this list is 10. - // Minimum length for this list is 1. + // Maximum length for this list is 10 + // Minimum length for this list is 1 // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 // +listType=atomic // +optional Tolerations []v1.Toleration `json:"tolerations,omitempty"` - // topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed // across topology domains such as zones, nodes, or other user-defined labels. // topologySpreadConstraints is optional. // This helps improve high availability and resource efficiency by avoiding placing 
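Review bot: The four CEL rules on `queryLogFile` constrain the character set and shape of the value but not which directory an absolute path names, so a single-segment path such as `/query.log` (parent `/`) or a path under a directory the container already depends on passes validation. Since the field comment says an `emptyDir` volume is mounted at that location, the consuming operator presumably has to reject or special-case such paths itself, and nothing in this hunk says so. Either add a rule requiring a non-root parent directory, e.g. `rule="!self.startsWith('/') || self.startsWith('/dev/') || self.lastIndexOf('/') > 0"`, or state in the comment that directory checks are left to the operator. Note also that `!self.contains('..')` rejects harmless filenames containing two consecutive dots, which the comment could mention. The PrometheusConfig struct continues past the end of this hunk.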
@@ -634,7 +802,7 @@ type OpenShiftStateMetricsConfig struct { // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. // Default is empty list. // Maximum length for this list is 10. - // Minimum length for this list is 1. + // Minimum length for this list is 1 // Entries must have unique topologyKey and whenUnsatisfiable pairs. // +kubebuilder:validation:MaxItems=10 // +kubebuilder:validation:MinItems=1 
@@ -643,8 +811,929 @@ type OpenShiftStateMetricsConfig struct { // +listMapKey=whenUnsatisfiable // +optional TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. + // +optional + CollectionProfile CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + // +optional + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` +} + +// AlertmanagerScheme defines the URL scheme to use when communicating with Alertmanager instances. +// +kubebuilder:validation:Enum=HTTP;HTTPS +type AlertmanagerScheme string + +const ( + AlertmanagerSchemeHTTP AlertmanagerScheme = "HTTP" + AlertmanagerSchemeHTTPS AlertmanagerScheme = "HTTPS" +) + +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfig struct { + // name is a unique identifier for this Alertmanager configuration entry. 
+ // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Minimum length is 1 character (empty string is invalid). + // Maximum length is 253 characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +required + Name string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. + // +optional + Authorization AuthorizationConfig `json:"authorization,omitempty,omitzero"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + // Must start with "/", must not end with "/", and must not be exactly "/". + // Must not contain query strings ("?") or fragments ("#"). 
+ // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:MinLength=2 + // +kubebuilder:validation:XValidation:rule="self.startsWith('/')",message="pathPrefix must start with '/'" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="pathPrefix must not end with '/'" + // +kubebuilder:validation:XValidation:rule="self != '/'",message="pathPrefix must not be '/' (would produce double slashes in request path); omit for no prefix" + // +kubebuilder:validation:XValidation:rule="!self.contains('?') && !self.contains('#')",message="pathPrefix must not contain '?' or '#'" + // +optional + PathPrefix string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `HTTP`. + // +optional + Scheme AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + // Each entry must be unique and non-empty (empty string is invalid). 
+ // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=255 + // +kubebuilder:validation:items:XValidation:rule="isURL('http://' + self) && size(url('http://' + self).getHostname()) > 0 && size(url('http://' + self).getPort()) > 0 && int(url('http://' + self).getPort()) >= 1 && int(url('http://' + self).getPort()) <= 65535",message="must be a valid 'host:port' where host is a DNS name, IPv4, or IPv6 address (in brackets), and port is 1-65535" + // +listType=set + // +required + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + // +optional + TimeoutSeconds int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` } +// Label represents a key/value pair for external labels. +type Label struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Key string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. 
+ // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Value string `json:"value,omitempty"` +} + +// RemoteWriteSpec represents configuration for remote write endpoints. +type RemoteWriteSpec struct { + // url is the URL of the remote write endpoint. + // Must be a valid URL with http or https scheme and a non-empty hostname. + // Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + // Empty string is invalid. Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || size(url(self).getHostname()) > 0",message="must have a non-empty hostname" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getQuery().size() == 0",message="query parameters are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*#.*')",message="fragments are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*@.*')",message="user information (e.g. user:password@host) is not allowed" + URL string `json:"url,omitempty"` + // name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + // This name is used in metrics and logging to differentiate remote write queues. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. 
+ // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + // authorization defines the authorization method for the remote write endpoint. + // When omitted, no authorization is performed. + // When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + // +optional + AuthorizationConfig RemoteWriteAuthorization `json:"authorization,omitzero"` + // headers specifies the custom HTTP headers to be sent along with each remote write request. + // Sending custom headers makes the configuration of a proxy in between optional and helps the + // receiver recognize the given source better. + // Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + // them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + // When omitted, no custom headers are sent. + // Maximum of 50 headers can be specified. Each header name must be unique. + // Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). 
+ // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:items:XValidation:rule="self.name.matches('^[a-zA-Z0-9_-]+$')",message="header name must contain only alphanumeric characters, hyphens, and underscores" + // +kubebuilder:validation:items:XValidation:rule="!self.name.matches('(?i)^(host|authorization|content-encoding|content-type|x-prometheus-remote-write-version|user-agent|connection|keep-alive|proxy-authenticate|proxy-authorization|www-authenticate)$')",message="header name must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate)" + // +listType=map + // +listMapKey=name + Headers []PrometheusRemoteWriteHeader `json:"headers,omitempty"` + // metadataConfig configures the sending of series metadata to remote storage. + // When omitted, no metadata is sent. + // When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + // When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + // +optional + MetadataConfig MetadataConfig `json:"metadataConfig,omitempty,omitzero"` + // proxyUrl defines an optional proxy URL. + // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + // When omitted, no proxy is used. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. 
+ // +optional + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + ProxyURL string `json:"proxyUrl,omitempty"` + // queueConfig allows tuning configuration for remote write queue parameters. + // When omitted, default queue configuration is used. + // +optional + QueueConfig QueueConfig `json:"queueConfig,omitempty,omitzero"` + // remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"` + // exemplarsMode controls whether exemplars are sent via remote write. + // Valid values are "Send", "DoNotSend" and omitted. + // When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + // When omitted or set to "DoNotSend", exemplars are not sent. + // +optional + ExemplarsMode ExemplarsMode `json:"exemplarsMode,omitempty"` + // tlsConfig defines TLS authentication settings for the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` + // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. 
+ // When omitted, no relabeling is performed and all metrics are sent as-is.
+ // Minimum of 1 and maximum of 10 relabeling rules can be specified.
+ // Each rule must have a unique name.
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=10
+ // +listType=map
+ // +listMapKey=name
+ WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"`
+}
+
+// PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests.
+// The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).
+// Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation.
+// Validation is enforced on the Headers field in RemoteWriteSpec.
+type PrometheusRemoteWriteHeader struct {
+ // name is the HTTP header name. Must not be a reserved header (see type documentation).
+ // Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ Name string `json:"name,omitempty"`
+ // value is the HTTP header value. Must be at most 4096 characters.
+ // +required
+ // +kubebuilder:validation:MinLength=0
+ // +kubebuilder:validation:MaxLength=4096
+ Value *string `json:"value,omitempty"`
+}
+
+// BasicAuth defines basic authentication settings for the remote write endpoint URL.
+type BasicAuth struct {
+ // username defines the secret reference containing the username for basic authentication.
+ // The secret must exist in the openshift-monitoring namespace.
+ // +required
+ Username SecretKeySelector `json:"username,omitzero,omitempty"`
+ // password defines the secret reference containing the password for basic authentication.
+ // The secret must exist in the openshift-monitoring namespace.
+ // +required
+ Password SecretKeySelector `json:"password,omitzero,omitempty"`
+}
+
+// RemoteWriteAuthorizationType defines the authorization method for remote write endpoints.
+// +kubebuilder:validation:Enum=BearerToken;BasicAuth;OAuth2;SigV4;SafeAuthorization;ServiceAccount
+type RemoteWriteAuthorizationType string
+
+const (
+ // RemoteWriteAuthorizationTypeBearerToken indicates bearer token from a secret.
+ RemoteWriteAuthorizationTypeBearerToken RemoteWriteAuthorizationType = "BearerToken"
+ // RemoteWriteAuthorizationTypeBasicAuth indicates HTTP basic authentication.
+ RemoteWriteAuthorizationTypeBasicAuth RemoteWriteAuthorizationType = "BasicAuth"
+ // RemoteWriteAuthorizationTypeOAuth2 indicates OAuth2 client credentials.
+ RemoteWriteAuthorizationTypeOAuth2 RemoteWriteAuthorizationType = "OAuth2"
+ // RemoteWriteAuthorizationTypeSigV4 indicates AWS Signature Version 4.
+ RemoteWriteAuthorizationTypeSigV4 RemoteWriteAuthorizationType = "SigV4"
+ // RemoteWriteAuthorizationTypeSafeAuthorization indicates authorization from a secret (Prometheus SafeAuthorization pattern).
+ // The secret key contains the credentials (e.g. a Bearer token). Use the safeAuthorization field.
+ RemoteWriteAuthorizationTypeSafeAuthorization RemoteWriteAuthorizationType = "SafeAuthorization"
+ // RemoteWriteAuthorizationTypeServiceAccount indicates use of the pod's service account token for machine identity.
+ // No additional field is required; the operator configures the token path.
+ RemoteWriteAuthorizationTypeServiceAccount RemoteWriteAuthorizationType = "ServiceAccount"
+)
+
+// RemoteWriteAuthorization defines the authorization method for a remote write endpoint.
+// Exactly one of the nested configs must be set according to the type discriminator.
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BasicAuth' ? has(self.basicAuth) : !has(self.basicAuth)",message="basicAuth is required when type is BasicAuth, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'OAuth2' ? has(self.oauth2) : !has(self.oauth2)",message="oauth2 is required when type is OAuth2, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SigV4' ? has(self.sigv4) : !has(self.sigv4)",message="sigv4 is required when type is SigV4, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SafeAuthorization' ? has(self.safeAuthorization) : !has(self.safeAuthorization)",message="safeAuthorization is required when type is SafeAuthorization, and forbidden otherwise"
+// +union
+type RemoteWriteAuthorization struct {
+ // type specifies the authorization method to use.
+ // Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.
+ //
+ // When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.
+ //
+ // When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.
+ //
+ // When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.
+ //
+ // When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.
+ //
+ // When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.
+ //
+ // When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.
+ // +unionDiscriminator
+ // +required
+ Type RemoteWriteAuthorizationType `json:"type,omitempty"`
+ // safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token).
+ // Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.
+ // +unionMember
+ // +optional
+ SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"`
+ // bearerToken defines the secret reference containing the bearer token.
+ // Required when type is "BearerToken", and forbidden otherwise.
+ // +unionMember
+ // +optional
+ BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"`
+ // basicAuth defines HTTP basic authentication credentials.
+ // Required when type is "BasicAuth", and forbidden otherwise.
+ // +unionMember
+ // +optional
+ BasicAuth BasicAuth `json:"basicAuth,omitempty,omitzero"`
+ // oauth2 defines OAuth2 client credentials authentication.
+ // Required when type is "OAuth2", and forbidden otherwise.
+ // +unionMember
+ // +optional
+ OAuth2 OAuth2 `json:"oauth2,omitempty,omitzero"`
+ // sigv4 defines AWS Signature Version 4 authentication.
+ // Required when type is "SigV4", and forbidden otherwise.
+ // +unionMember
+ // +optional
+ Sigv4 Sigv4 `json:"sigv4,omitempty,omitzero"`
+}
+
+// MetadataConfigSendPolicy defines whether to send metadata with platform defaults or with custom settings.
+// +kubebuilder:validation:Enum=Default;Custom
+type MetadataConfigSendPolicy string
+
+const (
+ // MetadataConfigSendPolicyDefault indicates metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds).
+ MetadataConfigSendPolicyDefault MetadataConfigSendPolicy = "Default"
+ // MetadataConfigSendPolicyCustom indicates metadata is sent using the settings in the custom field.
+ MetadataConfigSendPolicyCustom MetadataConfigSendPolicy = "Custom"
+)
+
+// MetadataConfig defines whether and how to send series metadata to remote write storage.
+// +kubebuilder:validation:XValidation:rule="self.sendPolicy == 'Default' ? self.custom.sendIntervalSeconds == 0 : true",message="custom is forbidden when sendPolicy is Default"
+type MetadataConfig struct {
+ // sendPolicy specifies whether to send metadata and how it is configured.
+ // Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds).
+ // Custom: send metadata using the settings in the custom field.
+ // +required
+ SendPolicy MetadataConfigSendPolicy `json:"sendPolicy,omitempty"`
+ // custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.
+ // +optional
+ Custom MetadataConfigCustom `json:"custom,omitempty,omitzero"`
+}
+
+// MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom.
+// At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).
+// +kubebuilder:validation:MinProperties=1
+type MetadataConfigCustom struct {
+ // sendIntervalSeconds is the interval in seconds at which metadata is sent.
+ // When omitted, the platform chooses a reasonable default (e.g. 30 seconds).
+ // Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=86400
+ SendIntervalSeconds int32 `json:"sendIntervalSeconds,omitempty"`
+}
+
+// OAuth2 defines OAuth2 authentication settings for the remote write endpoint.
+type OAuth2 struct {
+ // clientId defines the secret reference containing the OAuth2 client ID.
+ // The secret must exist in the openshift-monitoring namespace.
+ // +required
+ ClientID SecretKeySelector `json:"clientId,omitzero,omitempty"`
+ // clientSecret defines the secret reference containing the OAuth2 client secret.
+ // The secret must exist in the openshift-monitoring namespace.
+ // +required
+ ClientSecret SecretKeySelector `json:"clientSecret,omitzero,omitempty"`
+ // tokenUrl is the URL to fetch the token from.
+ // Must be a valid URL with http or https scheme.
+ // Must be between 1 and 2048 characters in length.
+ // +required
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL"
+ // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme"
+ TokenURL string `json:"tokenUrl,omitempty"`
+ // scopes is a list of OAuth2 scopes to request.
+ // When omitted, no scopes are requested.
+ // Maximum of 20 scopes can be specified.
+ // Each scope must be between 1 and 256 characters.
+ // +optional
+ // +kubebuilder:validation:MinItems=0
+ // +kubebuilder:validation:MaxItems=20
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=256
+ // +listType=atomic
+ Scopes []string `json:"scopes,omitempty"`
+ // endpointParams defines additional parameters to append to the token URL.
+ // When omitted, no additional parameters are sent.
+ // Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).
+ // +optional
+ // +kubebuilder:validation:MinItems=0
+ // +kubebuilder:validation:MaxItems=20
+ // +listType=map
+ // +listMapKey=name
+ EndpointParams []OAuth2EndpointParam `json:"endpointParams,omitempty"`
+}
+
+// OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.
+type OAuth2EndpointParam struct {
+ // name is the parameter name. Must be between 1 and 256 characters.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ Name string `json:"name,omitempty"`
+ // value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value).
+ // When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the
+ // external system expects a parameter with an empty value (e.g. ?parameter="").
+ // Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).
+ // +optional
+ // +kubebuilder:validation:MinLength=0
+ // +kubebuilder:validation:MaxLength=2048
+ Value *string `json:"value,omitempty"`
+}
+
+// QueueConfig allows tuning configuration for remote write queue parameters.
+// Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.
+// +kubebuilder:validation:MinProperties=1
+type QueueConfig struct {
+ // capacity is the number of samples to buffer per shard before we start dropping them.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The default value is 10000.
+ // Minimum value is 1.
+ // Maximum value is 1000000.
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=1000000
+ Capacity int32 `json:"capacity,omitempty"`
+ // maxShards is the maximum number of shards, i.e. amount of concurrency.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The default value is 200.
+ // Minimum value is 1.
+ // Maximum value is 10000.
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=10000
+ MaxShards int32 `json:"maxShards,omitempty"`
+ // minShards is the minimum number of shards, i.e. amount of concurrency.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The default value is 1.
+ // Minimum value is 1.
+ // Maximum value is 10000.
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=10000
+ MinShards int32 `json:"minShards,omitempty"`
+ // maxSamplesPerSend is the maximum number of samples per send.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The default value is 1000.
+ // Minimum value is 1.
+ // Maximum value is 100000.
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=100000
+ MaxSamplesPerSend int32 `json:"maxSamplesPerSend,omitempty"`
+ // batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // Minimum value is 1 second.
+ // Maximum value is 3600 seconds (1 hour).
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=3600
+ BatchSendDeadlineSeconds int32 `json:"batchSendDeadlineSeconds,omitempty"`
+ // minBackoffMilliseconds is the minimum retry delay in milliseconds.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // Minimum value is 1 millisecond.
+ // Maximum value is 3600000 milliseconds (1 hour).
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=3600000
+ MinBackoffMilliseconds int32 `json:"minBackoffMilliseconds,omitempty"`
+ // maxBackoffMilliseconds is the maximum retry delay in milliseconds.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // Minimum value is 1 millisecond.
+ // Maximum value is 3600000 milliseconds (1 hour).
+ // +optional
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=3600000
+ MaxBackoffMilliseconds int32 `json:"maxBackoffMilliseconds,omitempty"`
+ // rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests).
+ // When omitted, no retries are performed on rate limit responses.
+ // When set to "Retry", Prometheus will retry such requests using the backoff settings above.
+ // Valid value when set is "Retry".
+ // +optional
+ RateLimitedAction RateLimitedAction `json:"rateLimitedAction,omitempty"`
+}
+
+// Sigv4 defines AWS Signature Version 4 authentication settings.
+// At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.
+// +kubebuilder:validation:MinProperties=1
+type Sigv4 struct {
+ // region is the AWS region.
+ // When omitted, the region is derived from the environment or instance metadata.
+ // Must be between 1 and 128 characters.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ Region string `json:"region,omitempty"`
+ // accessKey defines the secret reference containing the AWS access key ID.
+ // The secret must exist in the openshift-monitoring namespace.
+ // When omitted, the access key is derived from the environment or instance metadata.
+ // +optional
+ AccessKey SecretKeySelector `json:"accessKey,omitempty,omitzero"`
+ // secretKey defines the secret reference containing the AWS secret access key.
+ // The secret must exist in the openshift-monitoring namespace.
+ // When omitted, the secret key is derived from the environment or instance metadata.
+ // +optional
+ SecretKey SecretKeySelector `json:"secretKey,omitempty,omitzero"`
+ // profile is the named AWS profile used to authenticate.
+ // When omitted, the default profile is used.
+ // Must be between 1 and 128 characters.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ Profile string `json:"profile,omitempty"`
+ // roleArn is the AWS Role ARN, an alternative to using AWS API keys.
+ // When omitted, API keys are used for authentication.
+ // Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole").
+ // Must be between 1 and 512 characters.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=512
+ // +kubebuilder:validation:XValidation:rule=`self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$')`,message="must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole)"
+ RoleArn string `json:"roleArn,omitempty"`
+}
+
+// RelabelConfig represents a relabeling rule.
+type RelabelConfig struct {
+ // name is a unique identifier for this relabel configuration.
+ // Must contain only alphanumeric characters, hyphens, and underscores.
+ // Must be between 1 and 63 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores"
+ Name string `json:"name,omitempty"`
+
+ // sourceLabels specifies which label names to extract from each series for this relabeling rule.
+ // The values of these labels are joined together using the configured separator,
+ // and the resulting string is then matched against the regular expression.
+ // If a referenced label does not exist on a series, Prometheus substitutes an empty string.
+ // When omitted, the rule operates without extracting source labels (useful for actions like labelmap).
+ // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters.
+ // Each entry must be unique.
+ // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed.
+ // Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility.
+ // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set
+ // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=128
+ // +kubebuilder:validation:items:XValidation:rule="!self.startsWith('__')",message="label names beginning with '__' (two underscores) are reserved for internal Prometheus use and are not allowed"
+ // +listType=set
+ SourceLabels []string `json:"sourceLabels,omitempty"`
+
+ // separator is the character sequence used to join source label values.
+ // Common examples: ";", ",", "::", "|||".
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The default value is ";".
+ // Must be between 1 and 5 characters in length when specified.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=5
+ Separator string `json:"separator,omitempty"`
+
+ // regex is the regular expression to match against the concatenated source label values.
+ // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax).
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+ // The default value is "(.*)" to match everything.
+ // Must be between 1 and 1000 characters in length when specified.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1000
+ Regex string `json:"regex,omitempty"`
+
+ // action defines the action to perform on the matched labels and its configuration.
+ // Exactly one action-specific configuration must be specified based on the action type.
+ // +required
+ Action RelabelActionConfig `json:"action,omitzero"`
+}
+
+// RelabelActionConfig represents the action to perform and its configuration.
+// Exactly one action-specific configuration must be specified based on the action type.
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Replace' ? has(self.replace) : !has(self.replace)",message="replace is required when type is Replace, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'HashMod' ? has(self.hashMod) : !has(self.hashMod)",message="hashMod is required when type is HashMod, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Lowercase' ? has(self.lowercase) : !has(self.lowercase)",message="lowercase is required when type is Lowercase, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uppercase' ? has(self.uppercase) : !has(self.uppercase)",message="uppercase is required when type is Uppercase, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KeepEqual' ? has(self.keepEqual) : !has(self.keepEqual)",message="keepEqual is required when type is KeepEqual, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'DropEqual' ? has(self.dropEqual) : !has(self.dropEqual)",message="dropEqual is required when type is DropEqual, and forbidden otherwise"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'LabelMap' ? has(self.labelMap) : !has(self.labelMap)",message="labelMap is required when type is LabelMap, and forbidden otherwise"
+// +union
+type RelabelActionConfig struct {
+ // type specifies the action to perform on the matched labels.
+ // Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.
+ //
+ // When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.
+ //
+ // When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.
+ //
+ // When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.
+ //
+ // When set to Keep, targets for which regex does not match the concatenated source_labels are dropped.
+ //
+ // When set to Drop, targets for which regex matches the concatenated source_labels are dropped.
+ //
+ // When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.
+ //
+ // When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.
+ //
+ // When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.
+ //
+ // When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.
+ //
+ // When set to LabelDrop, regex is matched against all label names; any label that matches is removed.
+ //
+ // When set to LabelKeep, regex is matched against all label names; any label that does not match is removed.
+ // +required
+ // +unionDiscriminator
+ Type RelabelAction `json:"type,omitempty"`
+
+ // replace configures the Replace action.
+ // Required when type is Replace, and forbidden otherwise.
+ // +unionMember
+ // +optional
+ Replace ReplaceActionConfig `json:"replace,omitempty,omitzero"`
+
+ // hashMod configures the HashMod action.
+ // Required when type is HashMod, and forbidden otherwise.
+ // +unionMember
+ // +optional
+ HashMod HashModActionConfig `json:"hashMod,omitempty,omitzero"`
+
+ // labelMap configures the LabelMap action.
+ // Required when type is LabelMap, and forbidden otherwise.
+ // +unionMember
+ // +optional
+ LabelMap LabelMapActionConfig `json:"labelMap,omitempty,omitzero"`
+
+ // lowercase configures the Lowercase action.
+ // Required when type is Lowercase, and forbidden otherwise.
+ // Requires Prometheus >= v2.36.0.
+ // +unionMember
+ // +optional
+ Lowercase LowercaseActionConfig `json:"lowercase,omitempty,omitzero"`
+
+ // uppercase configures the Uppercase action.
+ // Required when type is Uppercase, and forbidden otherwise.
+ // Requires Prometheus >= v2.36.0.
+ // +unionMember
+ // +optional
+ Uppercase UppercaseActionConfig `json:"uppercase,omitempty,omitzero"`
+
+ // keepEqual configures the KeepEqual action.
+ // Required when type is KeepEqual, and forbidden otherwise.
+ // Requires Prometheus >= v2.41.0.
+ // +unionMember
+ // +optional
+ KeepEqual KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"`
+
+ // dropEqual configures the DropEqual action.
+ // Required when type is DropEqual, and forbidden otherwise.
+ // Requires Prometheus >= v2.41.0.
+ // +unionMember
+ // +optional
+ DropEqual DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"`
+}
+
+// ReplaceActionConfig configures the Replace action.
+// Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.
+type ReplaceActionConfig struct {
+ // targetLabel is the label name where the replacement result is written.
+ // Must be between 1 and 128 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ TargetLabel string `json:"targetLabel,omitempty"`
+
+ // replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted.
+ // Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults.
+ // Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value.
+ // Must be between 0 and 255 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=0
+ // +kubebuilder:validation:MaxLength=255
+ Replacement *string `json:"replacement,omitempty"`
+}
+
+// HashModActionConfig configures the HashMod action.
+// target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).
+type HashModActionConfig struct {
+ // targetLabel is the label name where the hash modulus result is written.
+ // Must be between 1 and 128 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ TargetLabel string `json:"targetLabel,omitempty"`
+
+ // modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus).
+ // Required when using the HashMod action so the intended behavior is explicit.
+ // Must be between 1 and 1000000.
+ // +required
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=1000000
+ Modulus int64 `json:"modulus,omitempty"`
+}
+
+// LowercaseActionConfig configures the Lowercase action.
+// Maps the concatenated source_labels to their lower case and writes to target_label.
+// Requires Prometheus >= v2.36.0.
+type LowercaseActionConfig struct {
+ // targetLabel is the label name where the lower-cased value is written.
+ // Must be between 1 and 128 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ TargetLabel string `json:"targetLabel,omitempty"`
+}
+
+// UppercaseActionConfig configures the Uppercase action.
+// Maps the concatenated source_labels to their upper case and writes to target_label.
+// Requires Prometheus >= v2.36.0.
+type UppercaseActionConfig struct {
+ // targetLabel is the label name where the upper-cased value is written.
+ // Must be between 1 and 128 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ TargetLabel string `json:"targetLabel,omitempty"`
+}
+
+// KeepEqualActionConfig configures the KeepEqual action.
+// Drops targets for which the concatenated source_labels do not match the value of target_label.
+// Requires Prometheus >= v2.41.0.
+type KeepEqualActionConfig struct {
+ // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped.
+ // Must be between 1 and 128 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ TargetLabel string `json:"targetLabel,omitempty"`
+}
+
+// DropEqualActionConfig configures the DropEqual action.
+// Drops targets for which the concatenated source_labels do match the value of target_label.
+// Requires Prometheus >= v2.41.0.
+type DropEqualActionConfig struct {
+ // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped.
+ // Must be between 1 and 128 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ TargetLabel string `json:"targetLabel,omitempty"`
+}
+
+// LabelMapActionConfig configures the LabelMap action.
+// Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.
+type LabelMapActionConfig struct {
+ // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name.
+ // Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults.
+ // Use "$1" for the first capture group, "$2" for the second, etc.
+ // Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=255
+ Replacement string `json:"replacement,omitempty"`
+}
+
+// TLSConfig represents TLS configuration for Alertmanager connections.
+// At least one TLS configuration option must be specified.
+// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.
+// +kubebuilder:validation:MinProperties=1 +// +kubebuilder:validation:XValidation:rule="(has(self.cert) && has(self.key)) || (!has(self.cert) && !has(self.key))",message="cert and key must both be specified together for mutual TLS, or both be omitted" +type TLSConfig struct { + // ca is an optional CA certificate to use for TLS connections. + // When omitted, the system's default CA bundle is used. + // +optional + CA SecretKeySelector `json:"ca,omitempty,omitzero"` + // cert is an optional client certificate to use for mutual TLS connections. + // When omitted, no client certificate is presented. + // +optional + Cert SecretKeySelector `json:"cert,omitempty,omitzero"` + // key is an optional client key to use for mutual TLS connections. + // When omitted, no client key is used. + // +optional + Key SecretKeySelector `json:"key,omitempty,omitzero"` + // serverName is an optional server name to use for TLS connections. + // When specified, must be a valid DNS subdomain as per RFC 1123. + // When omitted, the server name is derived from the URL. + // Must be between 1 and 253 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid DNS subdomain (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + ServerName string `json:"serverName,omitempty"` + // certificateVerification determines the policy for TLS certificate verification. + // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "Verify". 
+ // +optional + CertificateVerification CertificateVerificationType `json:"certificateVerification,omitempty"` +} + +// CertificateVerificationType defines the TLS certificate verification policy. +// +kubebuilder:validation:Enum=Verify;SkipVerify +type CertificateVerificationType string + +const ( + // CertificateVerificationVerify performs certificate verification (secure, recommended). + CertificateVerificationVerify CertificateVerificationType = "Verify" + // CertificateVerificationSkipVerify skips certificate verification (insecure, use with caution). + CertificateVerificationSkipVerify CertificateVerificationType = "SkipVerify" +) + +// AuthorizationType defines the type of authentication to use. +// +kubebuilder:validation:Enum=BearerToken +type AuthorizationType string + +const ( + // AuthorizationTypeBearerToken indicates bearer token authentication. + AuthorizationTypeBearerToken AuthorizationType = "BearerToken" +) + +// AuthorizationConfig defines the authentication method for Alertmanager connections. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken" +// +union +type AuthorizationConfig struct { + // type specifies the authentication type to use. + // Valid value is "BearerToken" (bearer token authentication). + // When set to BearerToken, the bearerToken field must be specified. + // +unionDiscriminator + // +required + Type AuthorizationType `json:"type,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` +} + +// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace. 
+// +structType=atomic +type SecretKeySelector struct { + // name is the name of the secret in the `openshift-monitoring` namespace to select from. + // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid secret name (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + Name string `json:"name,omitempty"` + // key is the key of the secret to select from. + // Must consist of alphanumeric characters, '-', '_', or '.'. + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="must contain only alphanumeric characters, '-', '_', or '.'" + Key string `json:"key,omitempty"` +} + +// Retention configures how long Prometheus retains metrics data and how much storage it can use. +// +kubebuilder:validation:MinProperties=1 +type Retention struct { + // durationInDays specifies how many days Prometheus will retain metrics data. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 15. + // Minimum value is 1 day. + // Maximum value is 365 days (1 year). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=365 + // +optional + DurationInDays int32 `json:"durationInDays,omitempty"` + // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + // can use for data blocks and the write-ahead log (WAL). 
+ // When the limit is reached, Prometheus will delete oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // Minimum value is 1 GiB. + // Maximum value is 16384 GiB (16 TiB). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=16384 + // +optional + SizeInGiB int32 `json:"sizeInGiB,omitempty"` +} + +// RelabelAction defines the action to perform in a relabeling rule. +// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep;Lowercase;Uppercase;KeepEqual;DropEqual +type RelabelAction string + +const ( + // RelabelActionReplace: match regex against concatenated source_labels; set target_label to replacement with ${1}, ${2}, ... substituted. No replacement if regex does not match. + RelabelActionReplace RelabelAction = "Replace" + // RelabelActionLowercase: map the concatenated source_labels to their lower case. + RelabelActionLowercase RelabelAction = "Lowercase" + // RelabelActionUppercase: map the concatenated source_labels to their upper case. + RelabelActionUppercase RelabelAction = "Uppercase" + // RelabelActionKeep: drop targets for which regex does not match the concatenated source_labels. + RelabelActionKeep RelabelAction = "Keep" + // RelabelActionDrop: drop targets for which regex matches the concatenated source_labels. + RelabelActionDrop RelabelAction = "Drop" + // RelabelActionKeepEqual: drop targets for which the concatenated source_labels do not match target_label. + RelabelActionKeepEqual RelabelAction = "KeepEqual" + // RelabelActionDropEqual: drop targets for which the concatenated source_labels do match target_label. + RelabelActionDropEqual RelabelAction = "DropEqual" + // RelabelActionHashMod: set target_label to the modulus of a hash of the concatenated source_labels. 
+ RelabelActionHashMod RelabelAction = "HashMod" + // RelabelActionLabelMap: match regex against all source label names; copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + RelabelActionLabelMap RelabelAction = "LabelMap" + // RelabelActionLabelDrop: match regex against all label names; any label that matches is removed. + RelabelActionLabelDrop RelabelAction = "LabelDrop" + // RelabelActionLabelKeep: match regex against all label names; any label that does not match is removed. + RelabelActionLabelKeep RelabelAction = "LabelKeep" +) + +// CollectionProfile defines the metrics collection profile for Prometheus. +// +kubebuilder:validation:Enum=Full;Minimal +type CollectionProfile string + +const ( + // CollectionProfileFull means Prometheus collects all metrics that are exposed by the platform components. + CollectionProfileFull CollectionProfile = "Full" + // CollectionProfileMinimal means Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + CollectionProfileMinimal CollectionProfile = "Minimal" +) + // AuditProfile defines the audit log level for the Metrics Server. // +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse type AuditProfile string 
@@ -675,6 +1764,27 @@ const ( VerbosityLevelTraceAll VerbosityLevel = "TraceAll" ) +// ExemplarsMode defines whether exemplars are sent via remote write. +// +kubebuilder:validation:Enum=Send;DoNotSend +type ExemplarsMode string + +const ( + // ExemplarsModeSend means exemplars are sent via remote write. + ExemplarsModeSend ExemplarsMode = "Send" + // ExemplarsModeDoNotSend means exemplars are not sent via remote write. + ExemplarsModeDoNotSend ExemplarsMode = "DoNotSend" +) + +// RateLimitedAction defines what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). +// Omission of this field means do not retry. When set, the only valid value is Retry. +// +kubebuilder:validation:Enum=Retry +type RateLimitedAction string + +const ( + // RateLimitedActionRetry means requests will be retried on HTTP 429 responses. + RateLimitedActionRetry RateLimitedAction = "Retry" +) + // Audit profile configurations type Audit struct { // profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml index 93ebf32de5e..88eb7d9a879 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml @@ -132,7 +132,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). 
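Review bot: The type comment on `RateLimitedAction` documents field behaviour ("Omission of this field means do not retry"), while `ExemplarsMode` just above it does not say what an omitted value means. The fields that use these two types are outside this hunk, so it is not visible whether the omission semantics are stated there, which is where they would normally belong. I would keep the type comment about the type, e.g. `// RateLimitedAction defines how remote write reacts to HTTP 429 (Too Many Requests) responses.`, and state the omitted-value behaviour for both on their fields. Exemplars commonly carry trace identifiers, so the `ExemplarsModeSend` comment could make the data-egress effect explicit: `// ExemplarsModeSend means exemplars, which commonly carry trace IDs, are forwarded to the remote write endpoint.`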
@@ -160,7 +160,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object @@ -454,12 +454,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -982,7 +980,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1010,7 +1008,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object @@ -1346,7 +1344,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). 
@@ -1374,7 +1372,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
@@ -1634,6 +1632,2359 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Entries must have unique names (name is the list key). + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. 
+ properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", and forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the bearerToken field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? 
has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + Must start with "/", must not end with "/", and must not be exactly "/". + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 2 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' + rule: '!self.endsWith(''/'')' + - message: pathPrefix must not be '/' (would produce double + slashes in request path); omit for no prefix + rule: self != '/' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. 
+ Possible values are `HTTP` or `HTTPS`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique and non-empty (empty string is invalid). + items: + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
+ minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. 
+ enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. 
+ Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Entries must have unique names (name is the list key). + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + authorization: + description: |- + authorization defines the authorization method for the remote write endpoint. + When omitted, no authorization is performed. 
+ When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + properties: + basicAuth: + description: |- + basicAuth defines HTTP basic authentication credentials. + Required when type is "BasicAuth", and forbidden otherwise. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", and forbidden otherwise. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + oauth2: + description: |- + oauth2 defines OAuth2 client credentials authentication. + Required when type is "OAuth2", and forbidden otherwise. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. 
+ Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + items: + description: OAuth2EndpointParam defines a name/value + parameter for the OAuth2 token URL. + properties: + name: + description: name is the parameter name. Must + be between 1 and 256 characters. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + external system expects a parameter with an empty value (e.g. ?parameter=""). + Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). 
+ maxLength: 2048 + minLength: 0 + type: string + required: + - name + type: object + maxItems: 20 + minItems: 0 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + minItems: 0 + type: array + x-kubernetes-list-type: atomic + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: must use http or https scheme + rule: '!isURL(self) || url(self).getScheme() == + ''http'' || url(self).getScheme() == ''https''' + required: + - clientId + - clientSecret + - tokenUrl + type: object + safeAuthorization: + description: |- + safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication. + Required when type is "SigV4", and forbidden otherwise. + minProperties: 1 + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. 
+ When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., + arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + type: + description: |- + type specifies the authorization method to use. + Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + + When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + + When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + + When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + + When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + + When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + + When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + enum: + - BearerToken + - BasicAuth + - OAuth2 + - SigV4 + - SafeAuthorization + - ServiceAccount + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + - message: basicAuth is required when type is BasicAuth, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BasicAuth'' ? 
+ has(self.basicAuth) : !has(self.basicAuth)' + - message: oauth2 is required when type is OAuth2, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''OAuth2'' ? has(self.oauth2) + : !has(self.oauth2)' + - message: sigv4 is required when type is SigV4, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''SigV4'' ? has(self.sigv4) + : !has(self.sigv4)' + - message: safeAuthorization is required when type is SafeAuthorization, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''SafeAuthorization'' + ? has(self.safeAuthorization) : !has(self.safeAuthorization)' + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + Valid values are "Send", "DoNotSend" and omitted. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + enum: + - Send + - DoNotSend + type: string + headers: + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Sending custom headers makes the configuration of a proxy in between optional and helps the + receiver recognize the given source better. + Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. Each header name must be unique. 
+ Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + items: + description: |- + PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. + The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. + Validation is enforced on the Headers field in RemoteWriteSpec. + properties: + name: + description: |- + name is the HTTP header name. Must not be a reserved header (see type documentation). + Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the HTTP header value. Must + be at most 4096 characters. 
+ maxLength: 4096 + minLength: 0 + type: string + required: + - name + - value + type: object + x-kubernetes-validations: + - message: header name must contain only alphanumeric + characters, hyphens, and underscores + rule: self.name.matches('^[a-zA-Z0-9_-]+$') + - message: header name must not be a reserved Prometheus + header (Host, Authorization, Content-Encoding, Content-Type, + X-Prometheus-Remote-Write-Version, User-Agent, Connection, + Keep-Alive, Proxy-Authenticate, Proxy-Authorization, + WWW-Authenticate) + rule: '!self.name.matches(''(?i)^(host|authorization|content-encoding|content-type|x-prometheus-remote-write-version|user-agent|connection|keep-alive|proxy-authenticate|proxy-authorization|www-authenticate)$'')' + maxItems: 50 + minItems: 0 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + metadataConfig: + description: |- + metadataConfig configures the sending of series metadata to remote storage. + When omitted, no metadata is sent. + When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + properties: + custom: + description: custom defines custom metadata send settings. + Required when sendPolicy is Custom (must have at least + one property), and forbidden when sendPolicy is Default. + minProperties: 1 + properties: + sendIntervalSeconds: + description: |- + sendIntervalSeconds is the interval in seconds at which metadata is sent. + When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + format: int32 + maximum: 86400 + minimum: 1 + type: integer + type: object + sendPolicy: + description: |- + sendPolicy specifies whether to send metadata and how it is configured. + Default: send metadata using platform-chosen defaults (e.g. 
send interval 30 seconds). + Custom: send metadata using the settings in the custom field. + enum: + - Default + - Custom + type: string + required: + - sendPolicy + type: object + x-kubernetes-validations: + - message: custom is forbidden when sendPolicy is Default + rule: 'self.sendPolicy == ''Default'' ? self.custom.sendIntervalSeconds + == 0 : true' + name: + description: |- + name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + This name is used in metrics and logging to differentiate remote write queues. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + proxyUrl: + description: |- + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + minProperties: 1 + properties: + batchSendDeadlineSeconds: + description: |- + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
+ Minimum value is 1 second. + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoffMilliseconds: + description: |- + maxBackoffMilliseconds is the maximum retry delay in milliseconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 millisecond. + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoffMilliseconds: + description: |- + minBackoffMilliseconds is the minimum retry delay in milliseconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 millisecond. 
+ Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + rateLimitedAction: + description: |- + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When omitted, no retries are performed on rate limit responses. + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + Valid value when set is "Retry". + enum: + - Retry + type: string + type: object + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme and a non-empty hostname. + Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + Empty string is invalid. Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: must use http or https scheme + rule: '!isURL(self) || url(self).getScheme() == ''http'' + || url(self).getScheme() == ''https''' + - message: must have a non-empty hostname + rule: '!isURL(self) || size(url(self).getHostname()) > + 0' + - message: query parameters are not allowed + rule: '!isURL(self) || url(self).getQuery().size() == + 0' + - message: fragments are not allowed + rule: '!self.matches(''.*#.*'')' + - message: user information (e.g. user:password@host) is + not allowed + rule: '!self.matches(''.*@.*'')' + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. + properties: + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when type is DropEqual, and forbidden otherwise. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when type is HashMod, and forbidden otherwise. 
+ properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + Required when using the HashMod action so the intended behavior is explicit. + Must be between 1 and 1000000. + format: int64 + maximum: 1000000 + minimum: 1 + type: integer + targetLabel: + description: |- + targetLabel is the label name where the hash modulus result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - modulus + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when type is KeepEqual, and forbidden otherwise. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when type is LabelMap, and forbidden otherwise. + properties: + replacement: + description: |- + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + Use "$1" for the first capture group, "$2" for the second, etc. + Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + maxLength: 255 + minLength: 1 + type: string + required: + - replacement + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase, and forbidden otherwise. + Requires Prometheus >= v2.36.0. 
+ properties: + targetLabel: + description: |- + targetLabel is the label name where the lower-cased value is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace, and forbidden otherwise. + properties: + replacement: + description: |- + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + Must be between 0 and 255 characters in length. + maxLength: 255 + minLength: 0 + type: string + targetLabel: + description: |- + targetLabel is the label name where the replacement result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - replacement + - targetLabel + type: object + type: + description: |- + type specifies the action to perform on the matched labels. + Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + + When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + + When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + + When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + + When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. 
+ + When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + + When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + + When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + + When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + + When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + + When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + + When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase, and forbidden otherwise. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the label name where the upper-cased value is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + required: + - type + type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? 
has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. 
+ Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). 
+ items: + maxLength: 128 + minLength: 1 + type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - action + - name + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). 
+ This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. 
+ When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. 
The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. 
+ + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. 
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. 
If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
+ properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. 
Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. 
It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorAdmissionWebhookConfig: description: |- prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the @@ -1683,7 +4034,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1711,7 +4062,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
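Review bot: Dropping the `isQuantity(self)` guard from the `limit` rule in this hunk means a string that does not parse as a quantity reaches `quantity(self)` directly, which is a CEL evaluation error rather than a `false` result. The object should still be rejected, but presumably with an evaluation-error message instead of `limit must be a positive, non-zero quantity`, unless the schema outside this hunk already constrains the value to a parseable pattern. I would keep `rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))`, or record next to the validation marker in the Go types why the guard is redundant; this manifest appears to be generated, so the change belongs there. The same edit is repeated for the `request` rule and in the other resource hunks of this file and of ClusterMonitoringConfig.yaml.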
@@ -1997,7 +4348,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -2025,7 +4376,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index f7add2d4ce9..92adab71880 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -11,6 +11,29 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalAlertmanagerConfig) DeepCopyInto(out *AdditionalAlertmanagerConfig) { + *out = *in + out.Authorization = in.Authorization + if in.StaticConfigs != nil { + in, out := &in.StaticConfigs, &out.StaticConfigs + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.TLSConfig = in.TLSConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalAlertmanagerConfig. +func (in *AdditionalAlertmanagerConfig) DeepCopy() *AdditionalAlertmanagerConfig { + if in == nil { + return nil + } + out := new(AdditionalAlertmanagerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { *out = *in 
@@ -98,6 +121,23 @@ func (in *Audit) DeepCopy() *Audit { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationConfig) DeepCopyInto(out *AuthorizationConfig) { + *out = *in + out.BearerToken = in.BearerToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfig. +func (in *AuthorizationConfig) DeepCopy() *AuthorizationConfig { + if in == nil { + return nil + } + out := new(AuthorizationConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -192,6 +232,24 @@ func (in *BackupStatus) DeepCopy() *BackupStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BasicAuth) DeepCopyInto(out *BasicAuth) { + *out = *in + out.Username = in.Username + out.Password = in.Password + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth. +func (in *BasicAuth) DeepCopy() *BasicAuth { + if in == nil { + return nil + } + out := new(BasicAuth) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { *out = *in 
@@ -490,6 +548,7 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in out.UserDefined = in.UserDefined in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) + in.PrometheusConfig.DeepCopyInto(&out.PrometheusConfig) in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) in.PrometheusOperatorConfig.DeepCopyInto(&out.PrometheusOperatorConfig) in.PrometheusOperatorAdmissionWebhookConfig.DeepCopyInto(&out.PrometheusOperatorAdmissionWebhookConfig) @@ -575,6 +634,22 @@ func (in *DefaultCertificateConfig) DeepCopy() *DefaultCertificateConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DropEqualActionConfig) DeepCopyInto(out *DropEqualActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DropEqualActionConfig. +func (in *DropEqualActionConfig) DeepCopy() *DropEqualActionConfig { + if in == nil { + return nil + } + out := new(DropEqualActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ECDSAKeyConfig) DeepCopyInto(out *ECDSAKeyConfig) { *out = *in 
@@ -634,6 +709,22 @@ func (in *GatherConfig) DeepCopy() *GatherConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HashModActionConfig) DeepCopyInto(out *HashModActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashModActionConfig. +func (in *HashModActionConfig) DeepCopy() *HashModActionConfig { + if in == nil { + return nil + } + out := new(HashModActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePolicy) DeepCopyInto(out *ImagePolicy) { *out = *in @@ -932,6 +1023,22 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeepEqualActionConfig) DeepCopyInto(out *KeepEqualActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeepEqualActionConfig. +func (in *KeepEqualActionConfig) DeepCopy() *KeepEqualActionConfig { + if in == nil { + return nil + } + out := new(KeepEqualActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KeyConfig) DeepCopyInto(out *KeyConfig) { *out = *in 
@@ -950,6 +1057,87 @@ func (in *KeyConfig) DeepCopy() *KeyConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Label) DeepCopyInto(out *Label) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Label. +func (in *Label) DeepCopy() *Label { + if in == nil { + return nil + } + out := new(Label) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LabelMapActionConfig) DeepCopyInto(out *LabelMapActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelMapActionConfig. +func (in *LabelMapActionConfig) DeepCopy() *LabelMapActionConfig { + if in == nil { + return nil + } + out := new(LabelMapActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LowercaseActionConfig) DeepCopyInto(out *LowercaseActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LowercaseActionConfig. +func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { + if in == nil { + return nil + } + out := new(LowercaseActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetadataConfig) DeepCopyInto(out *MetadataConfig) { + *out = *in + out.Custom = in.Custom + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfig. 
+func (in *MetadataConfig) DeepCopy() *MetadataConfig { + if in == nil { + return nil + } + out := new(MetadataConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MetadataConfigCustom) DeepCopyInto(out *MetadataConfigCustom) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfigCustom. +func (in *MetadataConfigCustom) DeepCopy() *MetadataConfigCustom { + if in == nil { + return nil + } + out := new(MetadataConfigCustom) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { *out = *in 
@@ -995,6 +1183,57 @@ func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuth2) DeepCopyInto(out *OAuth2) { + *out = *in + out.ClientID = in.ClientID + out.ClientSecret = in.ClientSecret + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EndpointParams != nil { + in, out := &in.EndpointParams, &out.EndpointParams + *out = make([]OAuth2EndpointParam, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2. +func (in *OAuth2) DeepCopy() *OAuth2 { + if in == nil { + return nil + } + out := new(OAuth2) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuth2EndpointParam) DeepCopyInto(out *OAuth2EndpointParam) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2EndpointParam. +func (in *OAuth2EndpointParam) DeepCopy() *OAuth2EndpointParam { + if in == nil { + return nil + } + out := new(OAuth2EndpointParam) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenShiftStateMetricsConfig) DeepCopyInto(out *OpenShiftStateMetricsConfig) { *out = *in 
@@ -1307,6 +1546,75 @@ func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { + *out = *in + if in.AdditionalAlertmanagerConfigs != nil { + in, out := &in.AdditionalAlertmanagerConfigs, &out.AdditionalAlertmanagerConfigs + *out = make([]AdditionalAlertmanagerConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalLabels != nil { + in, out := &in.ExternalLabels, &out.ExternalLabels + *out = make([]Label, len(*in)) + copy(*out, *in) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.RemoteWrite != nil { + in, out := &in.RemoteWrite, &out.RemoteWrite + *out = make([]RemoteWriteSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.Retention = in.Retention + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.VolumeClaimTemplate != nil { + in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate + *out = new(v1.PersistentVolumeClaim) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig. 
+func (in *PrometheusConfig) DeepCopy() *PrometheusConfig { + if in == nil { + return nil + } + out := new(PrometheusConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrometheusOperatorAdmissionWebhookConfig) DeepCopyInto(out *PrometheusOperatorAdmissionWebhookConfig) { *out = *in @@ -1381,6 +1689,43 @@ func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusRemoteWriteHeader) DeepCopyInto(out *PrometheusRemoteWriteHeader) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusRemoteWriteHeader. +func (in *PrometheusRemoteWriteHeader) DeepCopy() *PrometheusRemoteWriteHeader { + if in == nil { + return nil + } + out := new(PrometheusRemoteWriteHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueueConfig) DeepCopyInto(out *QueueConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueueConfig. +func (in *QueueConfig) DeepCopy() *QueueConfig { + if in == nil { + return nil + } + out := new(QueueConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RSAKeyConfig) DeepCopyInto(out *RSAKeyConfig) { *out = *in 
@@ -1397,6 +1742,147 @@ func (in *RSAKeyConfig) DeepCopy() *RSAKeyConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelActionConfig) DeepCopyInto(out *RelabelActionConfig) { + *out = *in + in.Replace.DeepCopyInto(&out.Replace) + out.HashMod = in.HashMod + out.LabelMap = in.LabelMap + out.Lowercase = in.Lowercase + out.Uppercase = in.Uppercase + out.KeepEqual = in.KeepEqual + out.DropEqual = in.DropEqual + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelActionConfig. +func (in *RelabelActionConfig) DeepCopy() *RelabelActionConfig { + if in == nil { + return nil + } + out := new(RelabelActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { + *out = *in + if in.SourceLabels != nil { + in, out := &in.SourceLabels, &out.SourceLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelConfig. +func (in *RelabelConfig) DeepCopy() *RelabelConfig { + if in == nil { + return nil + } + out := new(RelabelConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RemoteWriteAuthorization) DeepCopyInto(out *RemoteWriteAuthorization) { + *out = *in + if in.SafeAuthorization != nil { + in, out := &in.SafeAuthorization, &out.SafeAuthorization + *out = new(v1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } + out.BearerToken = in.BearerToken + out.BasicAuth = in.BasicAuth + in.OAuth2.DeepCopyInto(&out.OAuth2) + out.Sigv4 = in.Sigv4 + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteAuthorization. +func (in *RemoteWriteAuthorization) DeepCopy() *RemoteWriteAuthorization { + if in == nil { + return nil + } + out := new(RemoteWriteAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { + *out = *in + in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]PrometheusRemoteWriteHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.MetadataConfig = in.MetadataConfig + out.QueueConfig = in.QueueConfig + out.TLSConfig = in.TLSConfig + if in.WriteRelabelConfigs != nil { + in, out := &in.WriteRelabelConfigs, &out.WriteRelabelConfigs + *out = make([]RelabelConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteSpec. +func (in *RemoteWriteSpec) DeepCopy() *RemoteWriteSpec { + if in == nil { + return nil + } + out := new(RemoteWriteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ReplaceActionConfig) DeepCopyInto(out *ReplaceActionConfig) { + *out = *in + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplaceActionConfig. +func (in *ReplaceActionConfig) DeepCopy() *ReplaceActionConfig { + if in == nil { + return nil + } + out := new(ReplaceActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Retention) DeepCopyInto(out *Retention) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retention. +func (in *Retention) DeepCopy() *Retention { + if in == nil { + return nil + } + out := new(Retention) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) { *out = *in 
@@ -1455,6 +1941,40 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Sigv4) DeepCopyInto(out *Sigv4) { + *out = *in + out.AccessKey = in.AccessKey + out.SecretKey = in.SecretKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sigv4. +func (in *Sigv4) DeepCopy() *Sigv4 { + if in == nil { + return nil + } + out := new(Sigv4) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in 
@@ -1476,6 +1996,41 @@ func (in *Storage) DeepCopy() *Storage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + out.CA = in.CA + out.Cert = in.Cert + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UppercaseActionConfig) DeepCopyInto(out *UppercaseActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UppercaseActionConfig. +func (in *UppercaseActionConfig) DeepCopy() *UppercaseActionConfig { + if in == nil { + return nil + } + out := new(UppercaseActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 847b022ea54..b717f487726 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml 
@@ -132,7 +132,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -160,7 +160,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object @@ -454,12 +454,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -982,7 +980,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1010,7 +1008,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
@@ -1346,7 +1344,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1374,7 +1372,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
@@ -1634,6 +1632,2359 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Entries must have unique names (name is the list key). + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. 
+ properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", and forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the bearerToken field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? 
has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + Must start with "/", must not end with "/", and must not be exactly "/". + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 2 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' + rule: '!self.endsWith(''/'')' + - message: pathPrefix must not be '/' (would produce double + slashes in request path); omit for no prefix + rule: self != '/' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. 
+ Possible values are `HTTP` or `HTTPS`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique and non-empty (empty string is invalid). + items: + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
+ minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. 
+ enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. 
+ Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Entries must have unique names (name is the list key). + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + authorization: + description: |- + authorization defines the authorization method for the remote write endpoint. + When omitted, no authorization is performed. 
+ When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + properties: + basicAuth: + description: |- + basicAuth defines HTTP basic authentication credentials. + Required when type is "BasicAuth", and forbidden otherwise. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", and forbidden otherwise. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + oauth2: + description: |- + oauth2 defines OAuth2 client credentials authentication. + Required when type is "OAuth2", and forbidden otherwise. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. 
+ Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + items: + description: OAuth2EndpointParam defines a name/value + parameter for the OAuth2 token URL. + properties: + name: + description: name is the parameter name. Must + be between 1 and 256 characters. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + external system expects a parameter with an empty value (e.g. ?parameter=""). + Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). 
+ maxLength: 2048 + minLength: 0 + type: string + required: + - name + type: object + maxItems: 20 + minItems: 0 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + minItems: 0 + type: array + x-kubernetes-list-type: atomic + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: must use http or https scheme + rule: '!isURL(self) || url(self).getScheme() == + ''http'' || url(self).getScheme() == ''https''' + required: + - clientId + - clientSecret + - tokenUrl + type: object + safeAuthorization: + description: |- + safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication. + Required when type is "SigV4", and forbidden otherwise. + minProperties: 1 + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. 
+ When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., + arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + type: + description: |- + type specifies the authorization method to use. + Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + + When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + + When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + + When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + + When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + + When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + + When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + enum: + - BearerToken + - BasicAuth + - OAuth2 + - SigV4 + - SafeAuthorization + - ServiceAccount + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + - message: basicAuth is required when type is BasicAuth, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BasicAuth'' ? 
+ has(self.basicAuth) : !has(self.basicAuth)' + - message: oauth2 is required when type is OAuth2, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''OAuth2'' ? has(self.oauth2) + : !has(self.oauth2)' + - message: sigv4 is required when type is SigV4, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''SigV4'' ? has(self.sigv4) + : !has(self.sigv4)' + - message: safeAuthorization is required when type is SafeAuthorization, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''SafeAuthorization'' + ? has(self.safeAuthorization) : !has(self.safeAuthorization)' + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + Valid values are "Send", "DoNotSend" and omitted. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + enum: + - Send + - DoNotSend + type: string + headers: + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Sending custom headers makes the configuration of a proxy in between optional and helps the + receiver recognize the given source better. + Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. Each header name must be unique. 
+ Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + items: + description: |- + PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. + The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. + Validation is enforced on the Headers field in RemoteWriteSpec. + properties: + name: + description: |- + name is the HTTP header name. Must not be a reserved header (see type documentation). + Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the HTTP header value. Must + be at most 4096 characters. 
+ maxLength: 4096 + minLength: 0 + type: string + required: + - name + - value + type: object + x-kubernetes-validations: + - message: header name must contain only alphanumeric + characters, hyphens, and underscores + rule: self.name.matches('^[a-zA-Z0-9_-]+$') + - message: header name must not be a reserved Prometheus + header (Host, Authorization, Content-Encoding, Content-Type, + X-Prometheus-Remote-Write-Version, User-Agent, Connection, + Keep-Alive, Proxy-Authenticate, Proxy-Authorization, + WWW-Authenticate) + rule: '!self.name.matches(''(?i)^(host|authorization|content-encoding|content-type|x-prometheus-remote-write-version|user-agent|connection|keep-alive|proxy-authenticate|proxy-authorization|www-authenticate)$'')' + maxItems: 50 + minItems: 0 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + metadataConfig: + description: |- + metadataConfig configures the sending of series metadata to remote storage. + When omitted, no metadata is sent. + When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + properties: + custom: + description: custom defines custom metadata send settings. + Required when sendPolicy is Custom (must have at least + one property), and forbidden when sendPolicy is Default. + minProperties: 1 + properties: + sendIntervalSeconds: + description: |- + sendIntervalSeconds is the interval in seconds at which metadata is sent. + When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + format: int32 + maximum: 86400 + minimum: 1 + type: integer + type: object + sendPolicy: + description: |- + sendPolicy specifies whether to send metadata and how it is configured. + Default: send metadata using platform-chosen defaults (e.g. 
send interval 30 seconds). + Custom: send metadata using the settings in the custom field. + enum: + - Default + - Custom + type: string + required: + - sendPolicy + type: object + x-kubernetes-validations: + - message: custom is forbidden when sendPolicy is Default + rule: 'self.sendPolicy == ''Default'' ? self.custom.sendIntervalSeconds + == 0 : true' + name: + description: |- + name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + This name is used in metrics and logging to differentiate remote write queues. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + proxyUrl: + description: |- + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + minProperties: 1 + properties: + batchSendDeadlineSeconds: + description: |- + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
+ Minimum value is 1 second. + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoffMilliseconds: + description: |- + maxBackoffMilliseconds is the maximum retry delay in milliseconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 millisecond. + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoffMilliseconds: + description: |- + minBackoffMilliseconds is the minimum retry delay in milliseconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 millisecond. 
+ Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + rateLimitedAction: + description: |- + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When omitted, no retries are performed on rate limit responses. + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + Valid value when set is "Retry". + enum: + - Retry + type: string + type: object + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme and a non-empty hostname. + Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + Empty string is invalid. Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: must use http or https scheme + rule: '!isURL(self) || url(self).getScheme() == ''http'' + || url(self).getScheme() == ''https''' + - message: must have a non-empty hostname + rule: '!isURL(self) || size(url(self).getHostname()) > + 0' + - message: query parameters are not allowed + rule: '!isURL(self) || url(self).getQuery().size() == + 0' + - message: fragments are not allowed + rule: '!self.matches(''.*#.*'')' + - message: user information (e.g. user:password@host) is + not allowed + rule: '!self.matches(''.*@.*'')' + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. + properties: + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when type is DropEqual, and forbidden otherwise. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when type is HashMod, and forbidden otherwise. 
+ properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + Required when using the HashMod action so the intended behavior is explicit. + Must be between 1 and 1000000. + format: int64 + maximum: 1000000 + minimum: 1 + type: integer + targetLabel: + description: |- + targetLabel is the label name where the hash modulus result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - modulus + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when type is KeepEqual, and forbidden otherwise. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when type is LabelMap, and forbidden otherwise. + properties: + replacement: + description: |- + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + Use "$1" for the first capture group, "$2" for the second, etc. + Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + maxLength: 255 + minLength: 1 + type: string + required: + - replacement + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase, and forbidden otherwise. + Requires Prometheus >= v2.36.0. 
+ properties: + targetLabel: + description: |- + targetLabel is the label name where the lower-cased value is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace, and forbidden otherwise. + properties: + replacement: + description: |- + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + Must be between 0 and 255 characters in length. + maxLength: 255 + minLength: 0 + type: string + targetLabel: + description: |- + targetLabel is the label name where the replacement result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - replacement + - targetLabel + type: object + type: + description: |- + type specifies the action to perform on the matched labels. + Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + + When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + + When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + + When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + + When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. 
+ + When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + + When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + + When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + + When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + + When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + + When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + + When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase, and forbidden otherwise. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the label name where the upper-cased value is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + required: + - type + type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? 
has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. 
+ Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). 
+ items: + maxLength: 128 + minLength: 1 + type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - action + - name + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). 
+ This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. 
+ When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. 
The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. 
+ + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. 
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. 
If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
+ properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. 
Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. 
It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorAdmissionWebhookConfig: description: |- prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the @@ -1683,7 +4034,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1711,7 +4062,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
@@ -1997,7 +4348,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -2025,7 +4376,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 728cde2d5fa..6ab03a158f9 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -118,6 +118,21 @@ func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { return map_ClusterImagePolicyStatus } +var map_AdditionalAlertmanagerConfig = map[string]string{ + "": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "name": "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
The current default value is `HTTP`.", + "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", +} + +func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { + return map_AdditionalAlertmanagerConfig +} + var map_AlertmanagerConfig = map[string]string{ "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", 
@@ -136,7 +151,7 @@ var map_AlertmanagerCustomConfig = map[string]string{ "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. 
Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", } func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { 
@@ -152,6 +167,26 @@ func (Audit) SwaggerDoc() map[string]string { return map_Audit } +var map_AuthorizationConfig = map[string]string{ + "": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", +} + +func (AuthorizationConfig) SwaggerDoc() map[string]string { + return map_AuthorizationConfig +} + +var map_BasicAuth = map[string]string{ + "": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "username": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "password": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", +} + +func (BasicAuth) SwaggerDoc() map[string]string { + return map_BasicAuth +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", 
@@ -177,6 +212,7 @@ var map_ClusterMonitoringSpec = map[string]string{ "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "prometheusConfig": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "prometheusOperatorConfig": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "prometheusOperatorAdmissionWebhookConfig": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", 
@@ -206,6 +242,81 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_DropEqualActionConfig = map[string]string{ + "": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", +} + +func (DropEqualActionConfig) SwaggerDoc() map[string]string { + return map_DropEqualActionConfig +} + +var map_HashModActionConfig = map[string]string{ + "": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + "targetLabel": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "modulus": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", +} + +func (HashModActionConfig) SwaggerDoc() map[string]string { + return map_HashModActionConfig +} + +var map_KeepEqualActionConfig = map[string]string{ + "": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. 
Must be between 1 and 128 characters in length.", +} + +func (KeepEqualActionConfig) SwaggerDoc() map[string]string { + return map_KeepEqualActionConfig +} + +var map_Label = map[string]string{ + "": "Label represents a key/value pair for external labels.", + "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "value": "value is the value of the label. Must be between 1 and 128 characters in length.", +} + +func (Label) SwaggerDoc() map[string]string { + return map_Label +} + +var map_LabelMapActionConfig = map[string]string{ + "": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + "replacement": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", +} + +func (LabelMapActionConfig) SwaggerDoc() map[string]string { + return map_LabelMapActionConfig +} + +var map_LowercaseActionConfig = map[string]string{ + "": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the lower-cased value is written. 
Must be between 1 and 128 characters in length.", +} + +func (LowercaseActionConfig) SwaggerDoc() map[string]string { + return map_LowercaseActionConfig +} + +var map_MetadataConfig = map[string]string{ + "": "MetadataConfig defines whether and how to send series metadata to remote write storage.", + "sendPolicy": "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + "custom": "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", +} + +func (MetadataConfig) SwaggerDoc() map[string]string { + return map_MetadataConfig +} + +var map_MetadataConfigCustom = map[string]string{ + "": "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", + "sendIntervalSeconds": "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", +} + +func (MetadataConfigCustom) SwaggerDoc() map[string]string { + return map_MetadataConfigCustom +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. 
The current default sets audit.profile to Metadata", 
@@ -220,6 +331,29 @@ func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } +var map_OAuth2 = map[string]string{ + "": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "clientId": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "clientSecret": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "tokenUrl": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "scopes": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "endpointParams": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", +} + +func (OAuth2) SwaggerDoc() map[string]string { + return map_OAuth2 +} + +var map_OAuth2EndpointParam = map[string]string{ + "": "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", + "name": "name is the parameter name. Must be between 1 and 256 characters.", + "value": "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). 
Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", +} + +func (OAuth2EndpointParam) SwaggerDoc() map[string]string { + return map_OAuth2EndpointParam +} + var map_OpenShiftStateMetricsConfig = map[string]string{ "": "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", 
@@ -232,6 +366,27 @@ func (OpenShiftStateMetricsConfig) SwaggerDoc() map[string]string { return map_OpenShiftStateMetricsConfig } +var map_PrometheusConfig = map[string]string{ + "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. 
These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", + "queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. 
By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", + "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. 
Maximum length for this list is 10 Minimum length for this list is 1", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "collectionProfile": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. 
If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", +} + +func (PrometheusConfig) SwaggerDoc() map[string]string { + return map_PrometheusConfig +} + var map_PrometheusOperatorAdmissionWebhookConfig = map[string]string{ "": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", "resources": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", 
@@ -255,6 +410,159 @@ func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { return map_PrometheusOperatorConfig } +var map_PrometheusRemoteWriteHeader = map[string]string{ + "": "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + "name": "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + "value": "value is the HTTP header value. Must be at most 4096 characters.", +} + +func (PrometheusRemoteWriteHeader) SwaggerDoc() map[string]string { + return map_PrometheusRemoteWriteHeader +} + +var map_QueueConfig = map[string]string{ + "": "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + "capacity": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. 
Minimum value is 1. Maximum value is 1000000.", + "maxShards": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "minShards": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "maxSamplesPerSend": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "batchSendDeadlineSeconds": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "minBackoffMilliseconds": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "maxBackoffMilliseconds": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "rateLimitedAction": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). 
When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", +} + +func (QueueConfig) SwaggerDoc() map[string]string { + return map_QueueConfig +} + +var map_RelabelActionConfig = map[string]string{ + "": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "type": "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... 
substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + "replace": "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + "hashMod": "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", + "lowercase": "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "uppercase": "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "keepEqual": "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "dropEqual": "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", +} + +func (RelabelActionConfig) SwaggerDoc() map[string]string { + return map_RelabelActionConfig +} + +var map_RelabelConfig = map[string]string{ + "": "RelabelConfig represents a relabeling rule.", + "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. 
When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "separator": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "action": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", +} + +func (RelabelConfig) SwaggerDoc() map[string]string { + return map_RelabelConfig +} + +var map_RemoteWriteAuthorization = map[string]string{ + "": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. 
Exactly one of the nested configs must be set according to the type discriminator.", + "type": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "safeAuthorization": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + "basicAuth": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + "oauth2": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + "sigv4": "sigv4 defines AWS Signature Version 4 authentication. 
Required when type is \"SigV4\", and forbidden otherwise.", +} + +func (RemoteWriteAuthorization) SwaggerDoc() map[string]string { + return map_RemoteWriteAuthorization +} + +var map_RemoteWriteSpec = map[string]string{ + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + "name": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "authorization": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. 
Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", + "metadataConfig": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "remoteTimeoutSeconds": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "exemplarsMode": "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. 
When omitted or set to \"DoNotSend\", exemplars are not sent.", + "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", +} + +func (RemoteWriteSpec) SwaggerDoc() map[string]string { + return map_RemoteWriteSpec +} + +var map_ReplaceActionConfig = map[string]string{ + "": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "targetLabel": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + "replacement": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", +} + +func (ReplaceActionConfig) SwaggerDoc() map[string]string { + return map_ReplaceActionConfig +} + +var map_Retention = map[string]string{ + "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "durationInDays": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "sizeInGiB": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", +} + +func (Retention) SwaggerDoc() map[string]string { + return map_Retention +} + +var map_SecretKeySelector = map[string]string{ + "": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "name": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "key": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", +} + +func (SecretKeySelector) SwaggerDoc() map[string]string { + return map_SecretKeySelector +} + +var map_Sigv4 = map[string]string{ + "": "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + "region": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "accessKey": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. 
When omitted, the access key is derived from the environment or instance metadata.", + "secretKey": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "profile": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "roleArn": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", +} + +func (Sigv4) SwaggerDoc() map[string]string { + return map_Sigv4 +} + +var map_TLSConfig = map[string]string{ + "": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "ca": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "cert": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "key": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "serverName": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "certificateVerification": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", +} + +func (TLSConfig) SwaggerDoc() map[string]string { + return map_TLSConfig +} + +var map_UppercaseActionConfig = map[string]string{ + "": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", +} + +func (UppercaseActionConfig) SwaggerDoc() map[string]string { + return map_UppercaseActionConfig +} + var map_UserDefinedMonitoring = map[string]string{ "": "UserDefinedMonitoring config for user-defined projects.", "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 1cb4d746c5f..80b41d270b5 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go 
@@ -449,13 +449,16 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.VSpherePlatformTopology": schema_openshift_api_config_v1_VSpherePlatformTopology(ref), "github.com/openshift/api/config/v1.VSpherePlatformVCenterSpec": schema_openshift_api_config_v1_VSpherePlatformVCenterSpec(ref), "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig": schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig": schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref), "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), "github.com/openshift/api/config/v1alpha1.BackupStatus": schema_openshift_api_config_v1alpha1_BackupStatus(ref), + "github.com/openshift/api/config/v1alpha1.BasicAuth": schema_openshift_api_config_v1alpha1_BasicAuth(ref), "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref), "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigList": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref), 
"github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref), @@ -472,9 +475,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.ContainerResource": schema_openshift_api_config_v1alpha1_ContainerResource(ref), "github.com/openshift/api/config/v1alpha1.CustomPKIPolicy": schema_openshift_api_config_v1alpha1_CustomPKIPolicy(ref), "github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig": schema_openshift_api_config_v1alpha1_DefaultCertificateConfig(ref), + "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig": schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref), "github.com/openshift/api/config/v1alpha1.ECDSAKeyConfig": schema_openshift_api_config_v1alpha1_ECDSAKeyConfig(ref), "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec": schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref), "github.com/openshift/api/config/v1alpha1.GatherConfig": schema_openshift_api_config_v1alpha1_GatherConfig(ref), + "github.com/openshift/api/config/v1alpha1.HashModActionConfig": schema_openshift_api_config_v1alpha1_HashModActionConfig(ref), "github.com/openshift/api/config/v1alpha1.ImagePolicy": schema_openshift_api_config_v1alpha1_ImagePolicy(ref), "github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), "github.com/openshift/api/config/v1alpha1.ImagePolicyList": schema_openshift_api_config_v1alpha1_ImagePolicyList(ref), 
@@ -487,8 +492,16 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig": schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref), "github.com/openshift/api/config/v1alpha1.KeyConfig": schema_openshift_api_config_v1alpha1_KeyConfig(ref), + "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), + "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig": schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig": schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.MetadataConfig": schema_openshift_api_config_v1alpha1_MetadataConfig(ref), + "github.com/openshift/api/config/v1alpha1.MetadataConfigCustom": schema_openshift_api_config_v1alpha1_MetadataConfigCustom(ref), "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), + "github.com/openshift/api/config/v1alpha1.OAuth2": schema_openshift_api_config_v1alpha1_OAuth2(ref), + "github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam": schema_openshift_api_config_v1alpha1_OAuth2EndpointParam(ref), "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig": schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref), "github.com/openshift/api/config/v1alpha1.PKI": schema_openshift_api_config_v1alpha1_PKI(ref), 
"github.com/openshift/api/config/v1alpha1.PKICertificateManagement": schema_openshift_api_config_v1alpha1_PKICertificateManagement(ref), 
@@ -503,13 +516,26 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository": schema_openshift_api_config_v1alpha1_PolicyMatchExactRepository(ref), "github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1alpha1_PolicyMatchRemapIdentity(ref), "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust": schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusConfig": schema_openshift_api_config_v1alpha1_PrometheusConfig(ref), "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConfig(ref), "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader": schema_openshift_api_config_v1alpha1_PrometheusRemoteWriteHeader(ref), + "github.com/openshift/api/config/v1alpha1.QueueConfig": schema_openshift_api_config_v1alpha1_QueueConfig(ref), "github.com/openshift/api/config/v1alpha1.RSAKeyConfig": schema_openshift_api_config_v1alpha1_RSAKeyConfig(ref), + "github.com/openshift/api/config/v1alpha1.RelabelActionConfig": schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), + "github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization": schema_openshift_api_config_v1alpha1_RemoteWriteAuthorization(ref), + "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), + "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig": schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.Retention": 
schema_openshift_api_config_v1alpha1_Retention(ref), "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), + "github.com/openshift/api/config/v1alpha1.SecretKeySelector": schema_openshift_api_config_v1alpha1_SecretKeySelector(ref), + "github.com/openshift/api/config/v1alpha1.Sigv4": schema_openshift_api_config_v1alpha1_Sigv4(ref), "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), + "github.com/openshift/api/config/v1alpha1.TLSConfig": schema_openshift_api_config_v1alpha1_TLSConfig(ref), + "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig": schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref), "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), "github.com/openshift/api/config/v1alpha2.Custom": schema_openshift_api_config_v1alpha2_Custom(ref), "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), 
@@ -22373,6 +22399,84 @@ func schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "authorization": { + SchemaProps: spec.SchemaProps{ + Description: "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.AuthorizationConfig"), + }, + }, + "pathPrefix": { + SchemaProps: spec.SchemaProps{ + Description: "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. 
When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", + Type: []string{"string"}, + Format: "", + }, + }, + "scheme": { + SchemaProps: spec.SchemaProps{ + Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + Type: []string{"string"}, + Format: "", + }, + }, + "staticConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "timeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. 
Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "tlsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), + }, + }, + }, + Required: []string{"name", "staticConfigs"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, + } +} + func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -22519,7 +22623,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re }, "volumeClaimTemplate": { SchemaProps: spec.SchemaProps{ - Description: "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + Description: "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), }, }, 
@@ -22552,6 +22656,48 @@ func schema_openshift_api_config_v1alpha1_Audit(ref common.ReferenceCallback) co } } +func schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AuthorizationConfig defines the authentication method for Alertmanager connections.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "bearerToken": "BearerToken", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -22685,6 +22831,36 @@ func schema_openshift_api_config_v1alpha1_BackupStatus(ref common.ReferenceCallb } } +func schema_openshift_api_config_v1alpha1_BasicAuth(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "username": { + SchemaProps: spec.SchemaProps{ + Description: "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "password": { + SchemaProps: spec.SchemaProps{ + Description: "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + }, + Required: []string{"username", "password"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23179,6 +23355,13 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerConfig"), }, }, + "prometheusConfig": { + SchemaProps: spec.SchemaProps{ + Description: "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusConfig"), + }, + }, "metricsServerConfig": { SchemaProps: spec.SchemaProps{ Description: "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", 
@@ -23211,7 +23394,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig", "github.com/openshift/api/config/v1alpha1.PrometheusConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, } } 
@@ -23328,6 +23511,27 @@ func schema_openshift_api_config_v1alpha1_DefaultCertificateConfig(ref common.Re } } +func schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_ECDSAKeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23443,6 +23647,34 @@ func schema_openshift_api_config_v1alpha1_GatherConfig(ref common.ReferenceCallb } } +func schema_openshift_api_config_v1alpha1_HashModActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "modulus": { + SchemaProps: spec.SchemaProps{ + Description: "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + }, + Required: []string{"targetLabel", "modulus"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_ImagePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23887,6 +24119,27 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.Re } } +func schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_KeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23937,70 +24190,190 @@ func schema_openshift_api_config_v1alpha1_KeyConfig(ref common.ReferenceCallback } } -func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + Description: "Label represents a key/value pair for external labels.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "audit": { + "key": { SchemaProps: spec.SchemaProps{ - Description: "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.Audit"), + Description: "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", }, }, - "nodeSelector": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. 
The current default value is `kubernetes.io/os: linux`.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "value is the value of the label. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", }, }, - "tolerations": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + }, + Required: []string{"key", "value"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "replacement": { SchemaProps: spec.SchemaProps{ - Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), - }, - }, - }, + Description: "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. 
Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", + Type: []string{"string"}, + Format: "", }, }, - "verbosity": { + }, + Required: []string{"replacement"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + Description: "targetLabel is the label name where the lower-cased value is written. 
Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, }, - "resources": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_MetadataConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MetadataConfig defines whether and how to send series metadata to remote write storage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "sendPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + Type: []string{"string"}, + Format: "", + }, + }, + "custom": { + SchemaProps: spec.SchemaProps{ + Description: "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfigCustom"), + }, + }, + }, + Required: []string{"sendPolicy"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.MetadataConfigCustom"}, + } +} + +func schema_openshift_api_config_v1alpha1_MetadataConfigCustom(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. 
sendIntervalSeconds).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "sendIntervalSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "audit": { + SchemaProps: spec.SchemaProps{ + Description: "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Audit"), + }, + }, + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. 
The current default value is `kubernetes.io/os: linux`.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "verbosity": { + SchemaProps: spec.SchemaProps{ + Description: "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. 
The current default value is `Errors`", + Type: []string{"string"}, + Format: "", + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, }, SchemaProps: spec.SchemaProps{ Description: "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", 
@@ -24046,6 +24419,113 @@ func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_OAuth2(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "clientId": { + SchemaProps: spec.SchemaProps{ + Description: "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "clientSecret": { + SchemaProps: spec.SchemaProps{ + Description: "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "tokenUrl": { + SchemaProps: spec.SchemaProps{ + Description: "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "scopes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. 
Each scope must be between 1 and 256 characters.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "endpointParams": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam"), + }, + }, + }, + }, + }, + }, + Required: []string{"clientId", "clientSecret", "tokenUrl"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam", "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + +func schema_openshift_api_config_v1alpha1_OAuth2EndpointParam(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the parameter name. Must be between 1 and 256 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). 
When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -24609,14 +25089,14 @@ func schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref common.Reference } } -func schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + Description: "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "resources": { + "additionalAlertmanagerConfigs": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ 
@@ -24626,66 +25106,57 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConf }, }, SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + Description: "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). 
Entries must have unique names (name is the list key).", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + Ref: ref("github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig"), }, }, }, }, }, - "topologySpreadConstraints": { + "enforcedBodySizeLimitBytes": { + SchemaProps: spec.SchemaProps{ + Description: "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "externalLabels": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "topologyKey", - "whenUnsatisfiable", + "key", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. 
Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Description: "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/config/v1alpha1.Label"), }, }, }, }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ "logLevel": { SchemaProps: spec.SchemaProps{ - Description: "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. 
When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Description: "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", Type: []string{"string"}, Format: "", }, }, "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. 
When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -24699,7 +25170,14 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re }, }, }, - "resources": { + "queryLogFile": { + SchemaProps: spec.SchemaProps{ + Description: "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "remoteWrite": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ 
@@ -24709,84 +25187,790 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re }, }, SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + Description: "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteSpec"), }, }, }, }, }, - "tolerations": { + "resources": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "tolerations defines tolerations for the pods. 
tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + Description: "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), }, }, }, }, }, - "topologySpreadConstraints": { + "retention": { + SchemaProps: spec.SchemaProps{ + Description: "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Retention"), + }, + }, + "tolerations": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "topologyKey", - "whenUnsatisfiable", + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. 
Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "collectionProfile": { + SchemaProps: spec.SchemaProps{ + Description: "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. 
In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + Type: []string{"string"}, + Format: "", + }, + }, + "volumeClaimTemplate": { + SchemaProps: spec.SchemaProps{ + Description: "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.ContainerResource", "github.com/openshift/api/config/v1alpha1.Label", "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec", "github.com/openshift/api/config/v1alpha1.Retention", corev1.PersistentVolumeClaim{}.OpenAPIModelName(), corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. 
The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. 
This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "logLevel": { + SchemaProps: spec.SchemaProps{ + Description: "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. 
When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Type: []string{"string"}, + Format: "", + }, + }, + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. 
Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. 
Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_PrometheusRemoteWriteHeader(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the HTTP header value. 
Must be at most 4096 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "value"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_QueueConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "capacity": { + SchemaProps: spec.SchemaProps{ + Description: "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxShards": { + SchemaProps: spec.SchemaProps{ + Description: "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "minShards": { + SchemaProps: spec.SchemaProps{ + Description: "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
The default value is 1. Minimum value is 1. Maximum value is 10000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxSamplesPerSend": { + SchemaProps: spec.SchemaProps{ + Description: "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "batchSendDeadlineSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "minBackoffMilliseconds": { + SchemaProps: spec.SchemaProps{ + Description: "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxBackoffMilliseconds": { + SchemaProps: spec.SchemaProps{ + Description: "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "rateLimitedAction": { + SchemaProps: spec.SchemaProps{ + Description: "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). 
When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RSAKeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RSAKeyConfig specifies parameters for RSA key generation.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "keySize": { + SchemaProps: spec.SchemaProps{ + Description: "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + Required: []string{"keySize"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. 
Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + Type: []string{"string"}, + Format: "", + }, + }, + "replace": { + SchemaProps: spec.SchemaProps{ + Description: "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ReplaceActionConfig"), + }, + }, + "hashMod": { + SchemaProps: spec.SchemaProps{ + Description: "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.HashModActionConfig"), + }, + }, + "labelMap": { + SchemaProps: spec.SchemaProps{ + Description: "labelMap configures the LabelMap action. 
Required when type is LabelMap, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.LabelMapActionConfig"), + }, + }, + "lowercase": { + SchemaProps: spec.SchemaProps{ + Description: "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.LowercaseActionConfig"), + }, + }, + "uppercase": { + SchemaProps: spec.SchemaProps{ + Description: "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"), + }, + }, + "keepEqual": { + SchemaProps: spec.SchemaProps{ + Description: "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig"), + }, + }, + "dropEqual": { + SchemaProps: spec.SchemaProps{ + Description: "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. 
Requires Prometheus >= v2.41.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.DropEqualActionConfig"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "dropEqual": "DropEqual", + "hashMod": "HashMod", + "keepEqual": "KeepEqual", + "labelMap": "LabelMap", + "lowercase": "Lowercase", + "replace": "Replace", + "uppercase": "Uppercase", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig", "github.com/openshift/api/config/v1alpha1.HashModActionConfig", "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig", "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig", "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig", "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig", "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RelabelConfig represents a relabeling rule.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. 
Must be between 1 and 63 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "sourceLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "separator": { + SchemaProps: spec.SchemaProps{ + Description: "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". 
Must be between 1 and 5 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "regex": { + SchemaProps: spec.SchemaProps{ + Description: "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelActionConfig"), + }, + }, + }, + Required: []string{"name", "action"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.RelabelActionConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_RemoteWriteAuthorization(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the authorization method to use. 
Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + Type: []string{"string"}, + Format: "", + }, + }, + "safeAuthorization": { + SchemaProps: spec.SchemaProps{ + Description: "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + Ref: ref(corev1.SecretKeySelector{}.OpenAPIModelName()), + }, + }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "basicAuth": { + SchemaProps: spec.SchemaProps{ + Description: "basicAuth defines HTTP basic authentication credentials. 
Required when type is \"BasicAuth\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.BasicAuth"), + }, + }, + "oauth2": { + SchemaProps: spec.SchemaProps{ + Description: "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2"), + }, + }, + "sigv4": { + SchemaProps: spec.SchemaProps{ + Description: "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Sigv4"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "basicAuth": "BasicAuth", + "bearerToken": "BearerToken", + "oauth2": "OAuth2", + "safeAuthorization": "SafeAuthorization", + "sigv4": "Sigv4", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.BasicAuth", "github.com/openshift/api/config/v1alpha1.OAuth2", "github.com/openshift/api/config/v1alpha1.SecretKeySelector", "github.com/openshift/api/config/v1alpha1.Sigv4", corev1.SecretKeySelector{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RemoteWriteSpec represents configuration for remote write endpoints.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "url": { + SchemaProps: spec.SchemaProps{ + Description: "url is the URL of the remote write endpoint. 
Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "authorization": { + SchemaProps: spec.SchemaProps{ + Description: "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization"), + }, + }, + "headers": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. 
This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Description: "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader"), + }, + }, + }, + }, + }, + "metadataConfig": { + SchemaProps: spec.SchemaProps{ + Description: "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. 
custom.sendIntervalSeconds).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfig"), + }, + }, + "proxyUrl": { + SchemaProps: spec.SchemaProps{ + Description: "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "queueConfig": { + SchemaProps: spec.SchemaProps{ + Description: "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.QueueConfig"), + }, + }, + "remoteTimeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "exemplarsMode": { + SchemaProps: spec.SchemaProps{ + Description: "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. 
When omitted or set to \"DoNotSend\", exemplars are not sent.", + Type: []string{"string"}, + Format: "", + }, + }, + "tlsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), + }, + }, + "writeRelabelConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. 
Each rule must have a unique name.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelConfig"), }, }, }, }, }, }, + Required: []string{"url", "name"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.MetadataConfig", "github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader", "github.com/openshift/api/config/v1alpha1.QueueConfig", "github.com/openshift/api/config/v1alpha1.RelabelConfig", "github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, } } -func schema_openshift_api_config_v1alpha1_RSAKeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RSAKeyConfig specifies parameters for RSA key generation.", + Description: "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "keySize": { + "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", + Description: "targetLabel is the label name where the replacement result is written. 
Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "replacement": { + SchemaProps: spec.SchemaProps{ + Description: "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel", "replacement"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_Retention(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "durationInDays": { + SchemaProps: spec.SchemaProps{ + Description: "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "sizeInGiB": { + SchemaProps: spec.SchemaProps{ + Description: "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. 
Maximum value is 16384 GiB (16 TiB).", Type: []string{"integer"}, Format: "int32", }, }, }, - Required: []string{"keySize"}, }, }, } 
@@ -24886,6 +26070,89 @@ func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_SecretKeySelector(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "key"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "atomic", + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_Sigv4(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "region": { + SchemaProps: spec.SchemaProps{ + Description: "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. 
Must be between 1 and 128 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "accessKey": { + SchemaProps: spec.SchemaProps{ + Description: "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "secretKey": { + SchemaProps: spec.SchemaProps{ + Description: "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "roleArn": { + SchemaProps: spec.SchemaProps{ + Description: "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
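Review bot: The Sigv4 description lists accessKey/secretKey as a single option, but neither field says the two must be set together, unlike cert and key in TLSConfig. Going by the "when omitted" text, a config that sets only one of them would presumably fall back to environment or instance-metadata credentials without any signal. If validation enforces the pairing (not visible in this hunk), state it in the doc comment, e.g. `accessKey and secretKey must be specified together, or both omitted.` The spelling of the type value also needs confirming: the RemoteWriteAuthorization schema earlier in this file documents it as `SigV4`, while its union map lists `"sigv4": "Sigv4"`. This file is generated, so both changes belong in the source types, followed by a regeneration.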
@@ -24916,6 +26183,77 @@ func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) } } +func schema_openshift_api_config_v1alpha1_TLSConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "cert": { + SchemaProps: spec.SchemaProps{ + Description: "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "serverName": { + SchemaProps: spec.SchemaProps{ + Description: "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. 
Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "certificateVerification": { + SchemaProps: spec.SchemaProps{ + Description: "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + +func schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 1b8811ecdd0..039a2d2007b 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json 
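Review bot: The TLSConfig description calls this "TLS configuration for Alertmanager connections", yet the RemoteWriteSpec schema earlier in this file references the same type for its tlsConfig field, so the wording is wrong for remote write. The certificateVerification text marks SkipVerify as insecure but does not say what is at stake: with verification off the server is not authenticated, so the bearer token, basic-auth or client credentials and the metrics themselves can be delivered to an impersonating endpoint. Suggested doc comments: `TLSConfig represents TLS configuration for outbound connections (Alertmanager, remote write).` and `SkipVerify disables server certificate checks; credentials sent over the connection can be intercepted, so use it only for troubleshooting.` This file is generated, so the edit belongs on the TLSConfig type (presumably in config/v1alpha1/types_cluster_monitoring.go), followed by a regeneration.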
@@ -23707,6 +23707,52 @@ } } }, + "com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig": { + "description": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "type": "object", + "required": [ + "name", + "staticConfigs" + ], + "properties": { + "authorization": { + "description": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AuthorizationConfig" + }, + "name": { + "description": "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + "type": "string" + }, + "pathPrefix": { + "description": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", + "type": "string" + }, + "scheme": { + "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. 
Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + "type": "string" + }, + "staticConfigs": { + "description": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "timeoutSeconds": { + "description": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" + }, + "tlsConfig": { + "description": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" + } + } + }, "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig": { "description": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "type": "object", 
@@ -23785,7 +23831,7 @@ "x-kubernetes-list-type": "map" }, "volumeClaimTemplate": { - "description": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "description": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" } } 
@@ -23803,6 +23849,32 @@ } } }, + "com.github.openshift.api.config.v1alpha1.AuthorizationConfig": { + "description": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "bearerToken": { + "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "type": { + "description": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "bearerToken": "BearerToken" + } + } + ] + }, "com.github.openshift.api.config.v1alpha1.Backup": { "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", 
@@ -23881,6 +23953,26 @@ "com.github.openshift.api.config.v1alpha1.BackupStatus": { "type": "object" }, + "com.github.openshift.api.config.v1alpha1.BasicAuth": { + "description": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "type": "object", + "required": [ + "username", + "password" + ], + "properties": { + "password": { + "description": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "username": { + "description": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + } + } + }, "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig": { "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. 
Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", 
@@ -24167,6 +24259,11 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig" }, + "prometheusConfig": { + "description": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusConfig" + }, "prometheusOperatorAdmissionWebhookConfig": { "description": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "default": {}, 
@@ -24252,6 +24349,19 @@ } } }, + "com.github.openshift.api.config.v1alpha1.DropEqualActionConfig": { + "description": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig": { "description": "ECDSAKeyConfig specifies parameters for ECDSA key generation.", "type": "object", @@ -24314,6 +24424,25 @@ } } }, + "com.github.openshift.api.config.v1alpha1.HashModActionConfig": { + "description": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + "type": "object", + "required": [ + "targetLabel", + "modulus" + ], + "properties": { + "modulus": { + "description": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", + "type": "integer", + "format": "int64" + }, + "targetLabel": { + "description": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.ImagePolicy": { "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", 
@@ -24581,6 +24710,19 @@ "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { "type": "object" }, + "com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig": { + "description": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.KeyConfig": { "description": "KeyConfig specifies cryptographic parameters for key generation.", "type": "object", 
@@ -24613,6 +24755,79 @@ } ] }, + "com.github.openshift.api.config.v1alpha1.Label": { + "description": "Label represents a key/value pair for external labels.", + "type": "object", + "required": [ + "key", + "value" + ], + "properties": { + "key": { + "description": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "type": "string" + }, + "value": { + "description": "value is the value of the label. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.LabelMapActionConfig": { + "description": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + "type": "object", + "required": [ + "replacement" + ], + "properties": { + "replacement": { + "description": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.LowercaseActionConfig": { + "description": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the label name where the lower-cased value is written. 
Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.MetadataConfig": { + "description": "MetadataConfig defines whether and how to send series metadata to remote write storage.", + "type": "object", + "required": [ + "sendPolicy" + ], + "properties": { + "custom": { + "description": "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfigCustom" + }, + "sendPolicy": { + "description": "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.MetadataConfigCustom": { + "description": "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", + "type": "object", + "properties": { + "sendIntervalSeconds": { + "description": "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", + "type": "integer", + "format": "int32" + } + } + }, "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "type": "object", 
@@ -24670,6 +24885,69 @@ } } }, + "com.github.openshift.api.config.v1alpha1.OAuth2": { + "description": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "type": "object", + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "properties": { + "clientId": { + "description": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "clientSecret": { + "description": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "endpointParams": { + "description": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "scopes": { + "description": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "tokenUrl": { + "description": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. 
Must be between 1 and 2048 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam": { + "description": "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the parameter name. Must be between 1 and 256 characters.", + "type": "string" + }, + "value": { + "description": "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig": { "description": "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", "type": "object", 
@@ -25009,55 +25287,73 @@ } ] }, - "com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig": { - "description": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + "com.github.openshift.api.config.v1alpha1.PrometheusConfig": { + "description": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", "type": "object", "properties": { - "resources": { - "description": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "additionalAlertmanagerConfigs": { + "description": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. 
This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig" }, "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "collectionProfile": { + "description": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. 
In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "type": "string" + }, + "enforcedBodySizeLimitBytes": { + "description": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "type": "integer", + "format": "int64" + }, + "externalLabels": { + "description": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. 
When omitted, no external labels are applied.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Label" }, "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" + "key" ], "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { - "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", - "type": "object", - "properties": { + }, "logLevel": { - "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "description": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. 
When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "type": "string" }, "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, + "queryLogFile": { + "description": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. 
Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "type": "string" + }, + "remoteWrite": { + "description": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteSpec" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "resources": { - "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "description": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. 
The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", "type": "array", "items": { "default": {}, @@ -25068,8 +25364,13 @@ ], "x-kubernetes-list-type": "map" }, + "retention": { + "description": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Retention" + }, "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", "type": "array", "items": { "default": {}, 
@@ -25078,7 +25379,7 @@ "x-kubernetes-list-type": "atomic" }, "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "description": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, 
@@ -25089,31 +25390,437 @@ "whenUnsatisfiable" ], "x-kubernetes-list-type": "map" + }, + "volumeClaimTemplate": { + "description": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1alpha1.RSAKeyConfig": { - "description": "RSAKeyConfig specifies parameters for RSA key generation.", - "type": "object", - "required": [ - "keySize" - ], - "properties": { - "keySize": { - "description": "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", - "type": "integer", - "format": "int32" - } - } - }, - "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { - "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + "com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig": { + "description": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", "type": "object", - "required": [ - "maxNumberOfBackups" - ], "properties": { - "maxNumberOfBackups": { + "resources": { + "description": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. 
Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { + "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + "type": "object", + "properties": { + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "type": "string" + }, + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. 
When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. 
This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader": { + "description": "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + "type": "string" + }, + "value": { + "description": "value is the HTTP header value. 
Must be at most 4096 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.QueueConfig": { + "description": "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + "type": "object", + "properties": { + "batchSendDeadlineSeconds": { + "description": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "type": "integer", + "format": "int32" + }, + "capacity": { + "description": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "type": "integer", + "format": "int32" + }, + "maxBackoffMilliseconds": { + "description": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "type": "integer", + "format": "int32" + }, + "maxSamplesPerSend": { + "description": "maxSamplesPerSend is the maximum number of samples per send. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "type": "integer", + "format": "int32" + }, + "maxShards": { + "description": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "type": "integer", + "format": "int32" + }, + "minBackoffMilliseconds": { + "description": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "type": "integer", + "format": "int32" + }, + "minShards": { + "description": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "type": "integer", + "format": "int32" + }, + "rateLimitedAction": { + "description": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RSAKeyConfig": { + "description": "RSAKeyConfig specifies parameters for RSA key generation.", + "type": "object", + "required": [ + "keySize" + ], + "properties": { + "keySize": { + "description": "keySize specifies the size of RSA keys in bits. 
Valid values are multiples of 1024 from 2048 to 8192.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RelabelActionConfig": { + "description": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "dropEqual": { + "description": "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DropEqualActionConfig" + }, + "hashMod": { + "description": "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.HashModActionConfig" + }, + "keepEqual": { + "description": "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig" + }, + "labelMap": { + "description": "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LabelMapActionConfig" + }, + "lowercase": { + "description": "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LowercaseActionConfig" + }, + "replace": { + "description": "replace configures the Replace action. 
Required when type is Replace, and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" + }, + "type": { + "description": "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + "type": "string" + }, + "uppercase": { + "description": "uppercase configures the Uppercase action. 
Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UppercaseActionConfig" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "dropEqual": "DropEqual", + "hashMod": "HashMod", + "keepEqual": "KeepEqual", + "labelMap": "LabelMap", + "lowercase": "Lowercase", + "replace": "Replace", + "uppercase": "Uppercase" + } + } + ] + }, + "com.github.openshift.api.config.v1alpha1.RelabelConfig": { + "description": "RelabelConfig represents a relabeling rule.", + "type": "object", + "required": [ + "name", + "action" + ], + "properties": { + "action": { + "description": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelActionConfig" + }, + "name": { + "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "type": "string" + }, + "regex": { + "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "type": "string" + }, + "separator": { + "description": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "type": "string" + }, + "sourceLabels": { + "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization": { + "description": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "basicAuth": { + "description": "basicAuth defines HTTP basic authentication credentials. 
Required when type is \"BasicAuth\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BasicAuth" + }, + "bearerToken": { + "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "oauth2": { + "description": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2" + }, + "safeAuthorization": { + "description": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + "$ref": "#/definitions/SecretKeySelector.v1.core.api.k8s.io" + }, + "sigv4": { + "description": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Sigv4" + }, + "type": { + "description": "type specifies the authorization method to use. 
Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "basicAuth": "BasicAuth", + "bearerToken": "BearerToken", + "oauth2": "OAuth2", + "safeAuthorization": "SafeAuthorization", + "sigv4": "Sigv4" + } + } + ] + }, + "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec": { + "description": "RemoteWriteSpec represents configuration for remote write endpoints.", + "type": "object", + "required": [ + "url", + "name" + ], + "properties": { + "authorization": { + "description": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. 
When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization" + }, + "exemplarsMode": { + "description": "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", + "type": "string" + }, + "headers": { + "description": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. 
Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "metadataConfig": { + "description": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfig" + }, + "name": { + "description": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "type": "string" + }, + "proxyUrl": { + "description": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "type": "string" + }, + "queueConfig": { + "description": "queueConfig allows tuning configuration for remote write queue parameters. 
When omitted, default queue configuration is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.QueueConfig" + }, + "remoteTimeoutSeconds": { + "description": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" + }, + "tlsConfig": { + "description": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" + }, + "url": { + "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + "type": "string" + }, + "writeRelabelConfigs": { + "description": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ReplaceActionConfig": { + "description": "ReplaceActionConfig configures the Replace action. 
Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "type": "object", + "required": [ + "targetLabel", + "replacement" + ], + "properties": { + "replacement": { + "description": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", + "type": "string" + }, + "targetLabel": { + "description": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.Retention": { + "description": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "type": "object", + "properties": { + "durationInDays": { + "description": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "type": "integer", + "format": "int32" + }, + "sizeInGiB": { + "description": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. 
Maximum value is 16384 GiB (16 TiB).", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { + "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + "type": "object", + "required": [ + "maxNumberOfBackups" + ], + "properties": { + "maxNumberOfBackups": { "description": "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", "type": "integer", "format": "int32", 
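Review bot: In `RemoteWriteSpec`, `url` accepts the `http` scheme while `authorization` can attach a bearer token, basic-auth credentials or an OAuth2 access token to every request, so a plain-HTTP endpoint would carry those credentials unencrypted. The `url` description should say so, and the source type could reject `http` whenever `authorization` is set; I would add `When authorization is set, use https so credentials are not sent in cleartext.` to the `url` text. Separately, the `RemoteWriteAuthorization` union maps `sigv4` to `Sigv4` in `fields-to-discriminateBy`, but the `type` description lists the allowed value as `SigV4`; one of the two needs to change. This file looks generated, so both fixes presumably belong in `config/v1alpha1/types_cluster_monitoring.go` rather than here.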
@@ -25171,6 +25878,53 @@ } } }, + "com.github.openshift.api.config.v1alpha1.SecretKeySelector": { + "description": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "type": "object", + "required": [ + "name", + "key" + ], + "properties": { + "key": { + "description": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + "type": "string" + }, + "name": { + "description": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "com.github.openshift.api.config.v1alpha1.Sigv4": { + "description": "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + "type": "object", + "properties": { + "accessKey": { + "description": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "profile": { + "description": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "type": "string" + }, + "region": { + "description": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "type": "string" + }, + "roleArn": { + "description": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. 
When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", + "type": "string" + }, + "secretKey": { + "description": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + } + } + }, "com.github.openshift.api.config.v1alpha1.Storage": { "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", 
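Review bot: The Sigv4 schema in this hunk documents `accessKey` and `secretKey` as independent optional references, each falling back to the environment or instance metadata when omitted, and nothing visible here says they must be set together. A spec that sets only one of the two would presumably either mix a configured value with an ambient credential or fail later when the Prometheus configuration is rendered. The TLSConfig description on this page states the pairing for cert and key, and the same sentence would fit the Sigv4 description: `accessKey and secretKey must both be specified together, or both omitted.` Whether the CRD already enforces this with a CEL rule is not visible in this hunk, and since openapi.json looks generated, the wording belongs in the comment on the Go type.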
@@ -25189,6 +25943,48 @@ } } }, + "com.github.openshift.api.config.v1alpha1.TLSConfig": { + "description": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "type": "object", + "properties": { + "ca": { + "description": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "cert": { + "description": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "certificateVerification": { + "description": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", + "type": "string" + }, + "key": { + "description": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "serverName": { + "description": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. 
Must be between 1 and 253 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig": { + "description": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { "description": "UserDefinedMonitoring config for user-defined projects.", "type": "object", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml index 93ebf32de5e..88eb7d9a879 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml @@ -132,7 +132,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -160,7 +160,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
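Review bot: The `certificateVerification` description labels "SkipVerify" as insecure but does not say what is lost, so a reader may expect `ca` or `serverName` in the same object to still constrain the peer. I would add one sentence to the description: `With "SkipVerify" the server certificate is not validated, so the peer is not authenticated and credentials sent over the connection can be exposed to an intermediary.` The text presumably comes from the comment on the Go type, so the edit belongs there rather than in this generated file.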
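Review bot: Dropping the `isQuantity(self)` guard from the `limit` rule at @@ -132 (the same change is made to the `request` rule at @@ -160 and in the hunks at @@ -982, -1010, -1346 and -1374) means `quantity(self)` is now called on whatever string the client sent. In Kubernetes CEL, `quantity()` raises an evaluation error on a string that does not parse, so a malformed value would presumably be rejected with a rule-evaluation error instead of the declared message "limit must be a positive, non-zero quantity". Unless a `pattern` outside these hunks already guarantees a parseable quantity, keep the guard: `rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))`. This manifest looks generated, so the change belongs in the validation marker on the Go type; the surrounding schema continues outside each hunk.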
@@ -454,12 +454,10 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. properties: apiVersion: description: |- @@ -982,7 +980,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1010,7 +1008,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object @@ -1346,7 +1344,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1374,7 +1372,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
@@ -1634,6 +1632,2359 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Entries must have unique names (name is the list key). + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. + The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. 
+ properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", and forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid value is "BearerToken" (bearer token authentication). + When set to BearerToken, the bearerToken field must be specified. + enum: + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken + rule: 'has(self.type) && self.type == ''BearerToken'' + ? 
has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Minimum length is 1 character (empty string is invalid). + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + Must start with "/", must not end with "/", and must not be exactly "/". + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 2 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' + rule: '!self.endsWith(''/'')' + - message: pathPrefix must not be '/' (would produce double + slashes in request path); omit for no prefix + rule: self != '/' + - message: pathPrefix must not contain '?' or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. 
+ Possible values are `HTTP` or `HTTPS`. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default value is `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + Each entry must be unique and non-empty (empty string is invalid). + items: + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && size(url('http://' + + self).getHostname()) > 0 && size(url('http://' + + self).getPort()) > 0 && int(url('http://' + self).getPort()) + >= 1 && int(url('http://' + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Currently the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
+ minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. 
+ enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 10240 (10kB). + Maximum value is 1073741824 (1GB). + format: int64 + maximum: 1073741824 + minimum: 10240 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. + When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + and must not contain more than 10 entries. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. 
+ Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + Must contain only alphanumeric characters, '.', '_', '-', or '/'. + Must be between 1 and 255 characters in length. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, '.', '_', + '-', or '/' + rule: self.matches('^[a-zA-Z0-9._/-]+$') + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + - message: must not contain '//', end with '/', or contain '..' + rule: '!self.contains(''//'') && !self.endsWith(''/'') && !self.contains(''..'')' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Entries must have unique names (name is the list key). + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + authorization: + description: |- + authorization defines the authorization method for the remote write endpoint. + When omitted, no authorization is performed. 
+ When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + properties: + basicAuth: + description: |- + basicAuth defines HTTP basic authentication credentials. + Required when type is "BasicAuth", and forbidden otherwise. + properties: + password: + description: |- + password defines the secret reference containing the password for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + username: + description: |- + username defines the secret reference containing the username for basic authentication. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + required: + - password + - username + type: object + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", and forbidden otherwise. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + oauth2: + description: |- + oauth2 defines OAuth2 client credentials authentication. + Required when type is "OAuth2", and forbidden otherwise. + properties: + clientId: + description: |- + clientId defines the secret reference containing the OAuth2 client ID. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + clientSecret: + description: |- + clientSecret defines the secret reference containing the OAuth2 client secret. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. 
+ Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + endpointParams: + description: |- + endpointParams defines additional parameters to append to the token URL. + When omitted, no additional parameters are sent. + Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + items: + description: OAuth2EndpointParam defines a name/value + parameter for the OAuth2 token URL. + properties: + name: + description: name is the parameter name. Must + be between 1 and 256 characters. + maxLength: 256 + minLength: 1 + type: string + value: + description: |- + value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + external system expects a parameter with an empty value (e.g. ?parameter=""). + Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). 
+ maxLength: 2048 + minLength: 0 + type: string + required: + - name + type: object + maxItems: 20 + minItems: 0 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + scopes: + description: |- + scopes is a list of OAuth2 scopes to request. + When omitted, no scopes are requested. + Maximum of 20 scopes can be specified. + Each scope must be between 1 and 256 characters. + items: + maxLength: 256 + minLength: 1 + type: string + maxItems: 20 + minItems: 0 + type: array + x-kubernetes-list-type: atomic + tokenUrl: + description: |- + tokenUrl is the URL to fetch the token from. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: must use http or https scheme + rule: '!isURL(self) || url(self).getScheme() == + ''http'' || url(self).getScheme() == ''https''' + required: + - clientId + - clientSecret + - tokenUrl + type: object + safeAuthorization: + description: |- + safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sigv4: + description: |- + sigv4 defines AWS Signature Version 4 authentication. + Required when type is "SigV4", and forbidden otherwise. + minProperties: 1 + properties: + accessKey: + description: |- + accessKey defines the secret reference containing the AWS access key ID. + The secret must exist in the openshift-monitoring namespace. + When omitted, the access key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + profile: + description: |- + profile is the named AWS profile used to authenticate. + When omitted, the default profile is used. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + region: + description: |- + region is the AWS region. 
+ When omitted, the region is derived from the environment or instance metadata. + Must be between 1 and 128 characters. + maxLength: 128 + minLength: 1 + type: string + roleArn: + description: |- + roleArn is the AWS Role ARN, an alternative to using AWS API keys. + When omitted, API keys are used for authentication. + Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + Must be between 1 and 512 characters. + maxLength: 512 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid AWS IAM role ARN (e.g., + arn:aws:iam::123456789012:role/MyRole) + rule: self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$') + secretKey: + description: |- + secretKey defines the secret reference containing the AWS secret access key. + The secret must exist in the openshift-monitoring namespace. + When omitted, the secret key is derived from the environment or instance metadata. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start + and end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: object + type: + description: |- + type specifies the authorization method to use. + Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + + When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + + When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + + When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + + When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + + When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + + When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + enum: + - BearerToken + - BasicAuth + - OAuth2 + - SigV4 + - SafeAuthorization + - ServiceAccount + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + - message: basicAuth is required when type is BasicAuth, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BasicAuth'' ? 
+ has(self.basicAuth) : !has(self.basicAuth)' + - message: oauth2 is required when type is OAuth2, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''OAuth2'' ? has(self.oauth2) + : !has(self.oauth2)' + - message: sigv4 is required when type is SigV4, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''SigV4'' ? has(self.sigv4) + : !has(self.sigv4)' + - message: safeAuthorization is required when type is SafeAuthorization, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''SafeAuthorization'' + ? has(self.safeAuthorization) : !has(self.safeAuthorization)' + exemplarsMode: + description: |- + exemplarsMode controls whether exemplars are sent via remote write. + Valid values are "Send", "DoNotSend" and omitted. + When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + When omitted or set to "DoNotSend", exemplars are not sent. + enum: + - Send + - DoNotSend + type: string + headers: + description: |- + headers specifies the custom HTTP headers to be sent along with each remote write request. + Sending custom headers makes the configuration of a proxy in between optional and helps the + receiver recognize the given source better. + Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + When omitted, no custom headers are sent. + Maximum of 50 headers can be specified. Each header name must be unique. 
+ Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + items: + description: |- + PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. + The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. + Validation is enforced on the Headers field in RemoteWriteSpec. + properties: + name: + description: |- + name is the HTTP header name. Must not be a reserved header (see type documentation). + Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + maxLength: 256 + minLength: 1 + type: string + value: + description: value is the HTTP header value. Must + be at most 4096 characters. 
+ maxLength: 4096 + minLength: 0 + type: string + required: + - name + - value + type: object + x-kubernetes-validations: + - message: header name must contain only alphanumeric + characters, hyphens, and underscores + rule: self.name.matches('^[a-zA-Z0-9_-]+$') + - message: header name must not be a reserved Prometheus + header (Host, Authorization, Content-Encoding, Content-Type, + X-Prometheus-Remote-Write-Version, User-Agent, Connection, + Keep-Alive, Proxy-Authenticate, Proxy-Authorization, + WWW-Authenticate) + rule: '!self.name.matches(''(?i)^(host|authorization|content-encoding|content-type|x-prometheus-remote-write-version|user-agent|connection|keep-alive|proxy-authenticate|proxy-authorization|www-authenticate)$'')' + maxItems: 50 + minItems: 0 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + metadataConfig: + description: |- + metadataConfig configures the sending of series metadata to remote storage. + When omitted, no metadata is sent. + When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + properties: + custom: + description: custom defines custom metadata send settings. + Required when sendPolicy is Custom (must have at least + one property), and forbidden when sendPolicy is Default. + minProperties: 1 + properties: + sendIntervalSeconds: + description: |- + sendIntervalSeconds is the interval in seconds at which metadata is sent. + When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + format: int32 + maximum: 86400 + minimum: 1 + type: integer + type: object + sendPolicy: + description: |- + sendPolicy specifies whether to send metadata and how it is configured. + Default: send metadata using platform-chosen defaults (e.g. 
send interval 30 seconds). + Custom: send metadata using the settings in the custom field. + enum: + - Default + - Custom + type: string + required: + - sendPolicy + type: object + x-kubernetes-validations: + - message: custom is forbidden when sendPolicy is Default + rule: 'self.sendPolicy == ''Default'' ? self.custom.sendIntervalSeconds + == 0 : true' + name: + description: |- + name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + This name is used in metrics and logging to differentiate remote write queues. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + proxyUrl: + description: |- + proxyUrl defines an optional proxy URL. + If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + When omitted, no proxy is used. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + queueConfig: + description: |- + queueConfig allows tuning configuration for remote write queue parameters. + When omitted, default queue configuration is used. + minProperties: 1 + properties: + batchSendDeadlineSeconds: + description: |- + batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
+ Minimum value is 1 second. + Maximum value is 3600 seconds (1 hour). + format: int32 + maximum: 3600 + minimum: 1 + type: integer + capacity: + description: |- + capacity is the number of samples to buffer per shard before we start dropping them. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 10000. + Minimum value is 1. + Maximum value is 1000000. + format: int32 + maximum: 1000000 + minimum: 1 + type: integer + maxBackoffMilliseconds: + description: |- + maxBackoffMilliseconds is the maximum retry delay in milliseconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 millisecond. + Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer + maxSamplesPerSend: + description: |- + maxSamplesPerSend is the maximum number of samples per send. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1000. + Minimum value is 1. + Maximum value is 100000. + format: int32 + maximum: 100000 + minimum: 1 + type: integer + maxShards: + description: |- + maxShards is the maximum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 200. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + minBackoffMilliseconds: + description: |- + minBackoffMilliseconds is the minimum retry delay in milliseconds. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 millisecond. 
+ Maximum value is 3600000 milliseconds (1 hour). + format: int32 + maximum: 3600000 + minimum: 1 + type: integer + minShards: + description: |- + minShards is the minimum number of shards, i.e. amount of concurrency. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 1. + Minimum value is 1. + Maximum value is 10000. + format: int32 + maximum: 10000 + minimum: 1 + type: integer + rateLimitedAction: + description: |- + rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + When omitted, no retries are performed on rate limit responses. + When set to "Retry", Prometheus will retry such requests using the backoff settings above. + Valid value when set is "Retry". + enum: + - Retry + type: string + type: object + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines TLS authentication settings for the remote write endpoint. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "Verify". + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. + When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme and a non-empty hostname. + Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + Empty string is invalid. Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + - message: must use http or https scheme + rule: '!isURL(self) || url(self).getScheme() == ''http'' + || url(self).getScheme() == ''https''' + - message: must have a non-empty hostname + rule: '!isURL(self) || size(url(self).getHostname()) > + 0' + - message: query parameters are not allowed + rule: '!isURL(self) || url(self).getQuery().size() == + 0' + - message: fragments are not allowed + rule: '!self.matches(''.*#.*'')' + - message: user information (e.g. user:password@host) is + not allowed + rule: '!self.matches(''.*@.*'')' + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Minimum of 1 and maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action defines the action to perform on the matched labels and its configuration. + Exactly one action-specific configuration must be specified based on the action type. + properties: + dropEqual: + description: |- + dropEqual configures the DropEqual action. + Required when type is DropEqual, and forbidden otherwise. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + hashMod: + description: |- + hashMod configures the HashMod action. + Required when type is HashMod, and forbidden otherwise. 
+ properties: + modulus: + description: |- + modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + Required when using the HashMod action so the intended behavior is explicit. + Must be between 1 and 1000000. + format: int64 + maximum: 1000000 + minimum: 1 + type: integer + targetLabel: + description: |- + targetLabel is the label name where the hash modulus result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - modulus + - targetLabel + type: object + keepEqual: + description: |- + keepEqual configures the KeepEqual action. + Required when type is KeepEqual, and forbidden otherwise. + Requires Prometheus >= v2.41.0. + properties: + targetLabel: + description: |- + targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + labelMap: + description: |- + labelMap configures the LabelMap action. + Required when type is LabelMap, and forbidden otherwise. + properties: + replacement: + description: |- + replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + Use "$1" for the first capture group, "$2" for the second, etc. + Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + maxLength: 255 + minLength: 1 + type: string + required: + - replacement + type: object + lowercase: + description: |- + lowercase configures the Lowercase action. + Required when type is Lowercase, and forbidden otherwise. + Requires Prometheus >= v2.36.0. 
+ properties: + targetLabel: + description: |- + targetLabel is the label name where the lower-cased value is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + replace: + description: |- + replace configures the Replace action. + Required when type is Replace, and forbidden otherwise. + properties: + replacement: + description: |- + replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + Must be between 0 and 255 characters in length. + maxLength: 255 + minLength: 0 + type: string + targetLabel: + description: |- + targetLabel is the label name where the replacement result is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - replacement + - targetLabel + type: object + type: + description: |- + type specifies the action to perform on the matched labels. + Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + + When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + + When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + + When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + + When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. 
+ + When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + + When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + + When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + + When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + + When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + + When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + + When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + - Lowercase + - Uppercase + - KeepEqual + - DropEqual + type: string + uppercase: + description: |- + uppercase configures the Uppercase action. + Required when type is Uppercase, and forbidden otherwise. + Requires Prometheus >= v2.36.0. + properties: + targetLabel: + description: |- + targetLabel is the label name where the upper-cased value is written. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - targetLabel + type: object + required: + - type + type: object + x-kubernetes-validations: + - message: replace is required when type is Replace, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Replace'' + ? has(self.replace) : !has(self.replace)' + - message: hashMod is required when type is HashMod, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''HashMod'' + ? 
has(self.hashMod) : !has(self.hashMod)' + - message: lowercase is required when type is Lowercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Lowercase'' + ? has(self.lowercase) : !has(self.lowercase)' + - message: uppercase is required when type is Uppercase, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Uppercase'' + ? has(self.uppercase) : !has(self.uppercase)' + - message: keepEqual is required when type is KeepEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''KeepEqual'' + ? has(self.keepEqual) : !has(self.keepEqual)' + - message: dropEqual is required when type is DropEqual, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''DropEqual'' + ? has(self.dropEqual) : !has(self.dropEqual)' + - message: labelMap is required when type is LabelMap, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''LabelMap'' + ? has(self.labelMap) : !has(self.labelMap)' + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is "(.*)" to match everything. + Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. 
+ Common examples: ";", ",", "::", "|||". + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is ";". + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + Each entry must be unique. + Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). 
+ items: + maxLength: 128 + minLength: 1 + type: string + x-kubernetes-validations: + - message: label names beginning with '__' (two + underscores) are reserved for internal Prometheus + use and are not allowed + rule: '!self.startsWith(''__'')' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - action + - name + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). 
+ This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. 
+ When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is 15. + Minimum value is 1 day. + Maximum value is 365 days (1 year). + format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. 
The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. 
+ + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. 
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. 
If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
+ properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + Users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string or nil value indicates that no + VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, + this field can be reset to its previous value (including nil) to cancel the modification. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey names + follow standard Kubernetes label syntax. Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with + a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing the + volume but further resizing of\n\t\tvolume is needed + on the node.\n\t- NodeResizeInProgress:\n\t\tState set + when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this + field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, + it means that no resize operation is in progress for + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey names + follow standard Kubernetes label syntax. 
Valid values + are either:\n\t* Un-prefixed keys:\n\t\t- storage - + the capacity of the volume.\n\t* Custom resources must + use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have + kubernetes.io prefix are considered\nreserved and hence + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and + if the actual volume capacity\nis equal or lower than + the requested capacity.\n\nA controller that receives + PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid\nresources associated with PVC." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "Resizing" that means the underlying + persistent volume is being resized. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. 
It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible + indicates that the request has been rejected as + invalid by the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be specified.\nNote: + New statuses can be added in the future. Consumers + should check for unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object prometheusOperatorAdmissionWebhookConfig: description: |- prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the @@ -1683,7 +4034,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -1711,7 +4062,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object 
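Review bot: Dropping `isQuantity(self) &&` from the `limit` rule in the hunk at -1683 leaves `quantity(self)` as the only parse step, so a value that is not a valid quantity is presumably reported as a CEL evaluation error instead of being rejected with "limit must be a positive, non-zero quantity". Unless the field's `pattern` (not visible in this hunk) is relied on to guarantee parseability, I would keep the guard: `rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))`. The same removal is made to the `request` rule at -1711 and to both rules at -1997 and -2025. These are rules on fields that already exist in the old file, which a commit titled "Add prometheusConfig API" does not explain. The manifest looks generated, so any fix would go in the validation marker on the Go type and be regenerated, not edited here.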
@@ -1997,7 +4348,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: limit must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) name: description: |- name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -2025,7 +4376,7 @@ spec: x-kubernetes-int-or-string: true x-kubernetes-validations: - message: request must be a positive, non-zero quantity - rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + rule: quantity(self).isGreaterThan(quantity('0')) required: - name type: object