From f2185653d43ca0e63f8f5b71d5b9a7239e85d3fe Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Tue, 16 Sep 2025 10:52:30 +0200 Subject: [PATCH 1/3] Add prometheusConfig API This commit introduces a new API to be introduced as a part of the migration in CMO from ConfigMap to CRDs Signed-off-by: Mario Fernandez Signed-off-by: Daniel Mellado --- .../ClusterMonitoringConfig.yaml | 423 +++++ config/v1alpha1/types_cluster_monitoring.go | 574 ++++++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 1428 ++++++++++++----- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 1428 ++++++++++++----- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 1428 ++++++++++++----- config/v1alpha1/zz_generated.deepcopy.go | 249 ++- .../ClusterMonitoringConfig.yaml | 1428 ++++++++++++----- .../zz_generated.swagger_doc_generated.go | 129 +- .../generated_openapi/zz_generated.openapi.go | 776 ++++++++- openapi/openapi.json | 390 ++++- ...lustermonitorings-CustomNoUpgrade.crd.yaml | 1428 ++++++++++++----- ...ermonitorings-DevPreviewNoUpgrade.crd.yaml | 1428 ++++++++++++----- ...rmonitorings-TechPreviewNoUpgrade.crd.yaml | 1428 ++++++++++++----- 13 files changed, 9520 insertions(+), 3017 deletions(-) diff --git a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 45aba20c2a8..69ccb8a1254 100644 --- a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml 
@@ -351,3 +351,426 @@ tests: - name: "example.com/quux" request: "1" expectedError: 'spec.metricsServerConfig.resources: Too many: 11: must have at most 10 items' + - name: Should be able to create a minimal PrometheusK8sConfig + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + logLevel: "Info" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + logLevel: "Info" + - name: Should accept PrometheusK8sConfig with valid nodeSelector + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/worker: "" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/worker: "" + - name: Should accept PrometheusK8sConfig with valid resources + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + resources: + - name: cpu + request: 100m + limit: 500m + - name: memory + request: 128Mi + limit: 512Mi + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + resources: + - name: cpu + request: 100m + limit: 500m + - name: memory + request: 128Mi + limit: 512Mi + - name: Should accept PrometheusK8sConfig with valid tolerations + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + 
operator: Exists + effect: NoSchedule + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - name: Should accept PrometheusK8sConfig with valid topologySpreadConstraints + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: prometheus + - maxSkew: 2 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: prometheus + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: prometheus + - maxSkew: 2 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: prometheus + - name: Should accept PrometheusK8sConfig with valid additionalAlertmanagerConfigs + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + additionalAlertmanagerConfigs: + - name: "external-am" + scheme: "HTTPS" + staticConfigs: + - "alertmanager.example.com:9093" + pathPrefix: "/alertmanager" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + additionalAlertmanagerConfigs: + - name: "external-am" + scheme: "HTTPS" + staticConfigs: + - 
"alertmanager.example.com:9093" + pathPrefix: "/alertmanager" + - name: Should accept PrometheusK8sConfig with valid remoteWrite + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: "https://remote-write.example.com/api/v1/write" + name: "remote-storage" + remoteTimeoutSeconds: 30 + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: "https://remote-write.example.com/api/v1/write" + name: "remote-storage" + remoteTimeoutSeconds: 30 + - name: Should accept PrometheusK8sConfig with valid externalLabels + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + externalLabels: + - key: "cluster" + value: "production" + - key: "environment" + value: "prod" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + externalLabels: + - key: "cluster" + value: "production" + - key: "environment" + value: "prod" + - name: Should reject PrometheusK8sConfig with empty object + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: {} + expectedError: 'spec.prometheusConfig: Invalid value: 0: spec.prometheusConfig in body should have at least 1 properties' + - name: Should reject PrometheusK8sConfig with too many additionalAlertmanagerConfigs + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + additionalAlertmanagerConfigs: + - name: "am1" + scheme: "HTTPS" + staticConfigs: ["alertmanager1.example.com:9093"] + - name: "am2" + scheme: "HTTPS" + staticConfigs: ["alertmanager2.example.com:9093"] + - 
name: "am3" + scheme: "HTTPS" + staticConfigs: ["alertmanager3.example.com:9093"] + - name: "am4" + scheme: "HTTPS" + staticConfigs: ["alertmanager4.example.com:9093"] + - name: "am5" + scheme: "HTTPS" + staticConfigs: ["alertmanager5.example.com:9093"] + - name: "am6" + scheme: "HTTPS" + staticConfigs: ["alertmanager6.example.com:9093"] + - name: "am7" + scheme: "HTTPS" + staticConfigs: ["alertmanager7.example.com:9093"] + - name: "am8" + scheme: "HTTPS" + staticConfigs: ["alertmanager8.example.com:9093"] + - name: "am9" + scheme: "HTTPS" + staticConfigs: ["alertmanager9.example.com:9093"] + - name: "am10" + scheme: "HTTPS" + staticConfigs: ["alertmanager10.example.com:9093"] + - name: "am11" + scheme: "HTTPS" + staticConfigs: ["alertmanager11.example.com:9093"] + expectedError: 'spec.prometheusConfig.additionalAlertmanagerConfigs: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusK8sConfig with too many remoteWrite configs + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + remoteWrite: + - url: "https://remote1.example.com/api/v1/write" + - url: "https://remote2.example.com/api/v1/write" + - url: "https://remote3.example.com/api/v1/write" + - url: "https://remote4.example.com/api/v1/write" + - url: "https://remote5.example.com/api/v1/write" + - url: "https://remote6.example.com/api/v1/write" + - url: "https://remote7.example.com/api/v1/write" + - url: "https://remote8.example.com/api/v1/write" + - url: "https://remote9.example.com/api/v1/write" + - url: "https://remote10.example.com/api/v1/write" + - url: "https://remote11.example.com/api/v1/write" + expectedError: 'spec.prometheusConfig.remoteWrite: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusK8sConfig with too many resources + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + 
prometheusConfig: + resources: + - name: "cpu" + request: "100m" + - name: "memory" + request: "64Mi" + - name: "hugepages-2Mi" + request: "32Mi" + - name: "hugepages-1Gi" + request: "1Gi" + - name: "ephemeral-storage" + request: "1Gi" + - name: "nvidia.com/gpu" + request: "1" + - name: "example.com/foo" + request: "1" + - name: "example.com/bar" + request: "1" + - name: "example.com/baz" + request: "1" + - name: "example.com/qux" + request: "1" + - name: "example.com/quux" + request: "1" + expectedError: 'spec.prometheusConfig.resources: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusK8sConfig with too many tolerations + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + tolerations: + - key: key1 + operator: Exists + effect: NoSchedule + - key: key2 + operator: Exists + effect: NoSchedule + - key: key3 + operator: Exists + effect: NoSchedule + - key: key4 + operator: Exists + effect: NoSchedule + - key: key5 + operator: Exists + effect: NoSchedule + - key: key6 + operator: Exists + effect: NoSchedule + - key: key7 + operator: Exists + effect: NoSchedule + - key: key8 + operator: Exists + effect: NoSchedule + - key: key9 + operator: Exists + effect: NoSchedule + - key: key10 + operator: Exists + effect: NoSchedule + - key: key11 + operator: Exists + effect: NoSchedule + expectedError: 'spec.prometheusConfig.tolerations: Too many: 11: must have at most 10 items' + - name: Should reject PrometheusK8sConfig with empty tolerations array + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + tolerations: [] + expectedError: 'spec.prometheusConfig.tolerations: Invalid value: 0: spec.prometheusConfig.tolerations in body should have at least 1 items' + - name: Should reject PrometheusK8sConfig with empty topologySpreadConstraints array + initial: | + apiVersion: 
config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + topologySpreadConstraints: [] + expectedError: 'spec.prometheusConfig.topologySpreadConstraints: Invalid value: 0: spec.prometheusConfig.topologySpreadConstraints in body should have at least 1 items' + - name: Should reject PrometheusK8sConfig with too many topologySpreadConstraints + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + userDefined: + mode: "Disabled" + prometheusConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "zone1" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone2" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone3" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone4" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone5" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone6" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone7" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone8" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone9" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone10" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone11" + whenUnsatisfiable: DoNotSchedule + expectedError: 'spec.prometheusConfig.topologySpreadConstraints: Too many: 11: must have at most 10 items' diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 0653eeb5a5e..6e34b8c79dd 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go 
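Review bot: None of the added cases exercises the CEL rules this patch attaches to `queryLogFile`, `remoteWrite[].url`, `staticConfigs` or `pathPrefix` in types_cluster_monitoring.go; every rejecting case in this hunk checks only item or property counts. Those rules constrain where Prometheus writes its query log and which endpoints it contacts, so a mistake in a marker would go unnoticed. One example is the backslash escaping in the `name` regex, which only the dot-free value `external-am` exercises. I would add one accepting and one rejecting case per rule, along the lines below. The `expectedError` strings are copied from the rule messages and may need the prefix the API server emits. Separately, the case names say `PrometheusK8sConfig` while the type is `PrometheusConfig`.

```yaml
# … unchanged: existing PrometheusConfig cases …
  - name: Should reject PrometheusConfig with a queryLogFile under /dev other than stdout, stderr or null
    initial: |
      apiVersion: config.openshift.io/v1alpha1
      kind: ClusterMonitoring
      spec:
        userDefined:
          mode: "Disabled"
        prometheusConfig:
          queryLogFile: "/dev/random"
    expectedError: 'only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths'
  - name: Should reject PrometheusConfig with a remoteWrite url that is not http or https
    initial: |
      apiVersion: config.openshift.io/v1alpha1
      kind: ClusterMonitoring
      spec:
        userDefined:
          mode: "Disabled"
        prometheusConfig:
          remoteWrite:
            - url: "ftp://remote-write.example.com/api/v1/write"
    expectedError: 'must be a valid URL with http or https scheme'
  - name: Should accept PrometheusConfig with a dotted additionalAlertmanagerConfigs name
    initial: |
      apiVersion: config.openshift.io/v1alpha1
      kind: ClusterMonitoring
      spec:
        userDefined:
          mode: "Disabled"
        prometheusConfig:
          additionalAlertmanagerConfigs:
            - name: "external.am"
              scheme: "HTTPS"
              staticConfigs:
                - "alertmanager.example.com:9093"
    expected: |
      apiVersion: config.openshift.io/v1alpha1
      kind: ClusterMonitoring
      spec:
        userDefined:
          mode: "Disabled"
        prometheusConfig:
          additionalAlertmanagerConfigs:
            - name: "external.am"
              scheme: "HTTPS"
              staticConfigs:
                - "alertmanager.example.com:9093"
```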
@@ -89,6 +89,19 @@ type ClusterMonitoringSpec struct { // The current default value is `DefaultConfig`. // +optional AlertmanagerConfig AlertmanagerConfig `json:"alertmanagerConfig,omitempty,omitzero"` + // prometheusConfig provides configuration options for the default platform Prometheus instance + // that runs in the `openshift-monitoring` namespace. This configuration applies only to the + // platform Prometheus instance; user-workload Prometheus instances are configured separately. + // + // This field allows you to customize how the platform Prometheus is deployed and operated, including: + // - Pod scheduling (node selectors, tolerations, topology spread constraints) + // - Resource allocation (CPU, memory requests/limits) + // - Retention policies (how long metrics are stored) + // - External integrations (remote write, additional alertmanagers) + // + // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + // +optional + PrometheusConfig PrometheusConfig `json:"prometheusConfig,omitempty,omitzero"` // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. 
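Review bot: The `prometheusConfig` doc comment lists "External integrations (remote write, additional alertmanagers)" without telling the reader that these can carry cluster metrics and alerts in plaintext. Later in this patch `scheme` is marked `+kubebuilder:default=HTTP` and the `url` rule accepts `http` as well as `https`. I would add a sentence to the field comment such as `// Remote write and additional Alertmanager endpoints receive cluster metrics and alerts; scheme defaults to HTTP, so set HTTPS for endpoints outside the cluster.` The `ClusterMonitoringSpec` struct starts and ends outside this hunk.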
@@ -244,14 +257,12 @@ type AlertmanagerCustomConfig struct { // +listMapKey=whenUnsatisfiable // +optional TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. // If omitted, the Pod uses ephemeral storage and alert data will not persist // across restarts. - // This field is optional. // +optional - VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` + VolumeClaimTemplate VolumeClaimConfig `json:"volumeClaimTemplate,omitempty,omitzero"` } // AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. @@ -272,19 +283,19 @@ const ( AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" ) -// logLevel defines the verbosity of logs emitted by Alertmanager. +// LogLevel defines the verbosity of logs emitted by Alertmanager. // Valid values are Error, Warn, Info and Debug. // +kubebuilder:validation:Enum=Error;Warn;Info;Debug type LogLevel string const ( - // Error only errors will be logged. + // LogLevelError only errors will be logged. LogLevelError LogLevel = "Error" - // Warn, both warnings and errors will be logged. + // LogLevelWarn, both warnings and errors will be logged. LogLevelWarn LogLevel = "Warn" - // Info, general information, warnings, and errors will all be logged. + // LogLevelInfo, general information, warnings, and errors will all be logged. LogLevelInfo LogLevel = "Info" - // Debug, detailed debugging information will be logged. + // LogLevelDebug, detailed debugging information will be logged. LogLevelDebug LogLevel = "Debug" ) 
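Review bot: Replacing `*v1.PersistentVolumeClaim` with `VolumeClaimConfig` on Alertmanager's `volumeClaimTemplate` changes the schema of an existing field, which the commit title ("Add prometheusConfig API") and description do not mention. `VolumeClaimConfig` is not defined in this hunk, so it is not possible to tell from here whether objects written with the full PVC shape still validate. The reworded comment no longer mentions "name", which suggests some previously accepted fields are gone. Please describe in the commit message how existing ClusterMonitoring objects are handled, or split this change into its own commit. `AlertmanagerCustomConfig` starts outside the hunk.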
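Review bot: The corrected type comment still reads `// LogLevel defines the verbosity of logs emitted by Alertmanager.`, but this patch also uses `LogLevel` for `PrometheusConfig.LogLevel`. I would make it component-neutral, for example `// LogLevel defines the verbosity of logs emitted by a monitoring component.` The constant comments would also read better without the comma after the name, e.g. `// LogLevelWarn means both warnings and errors will be logged.`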
@@ -416,6 +427,549 @@ type MetricsServerConfig struct { TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. +// +kubebuilder:validation:MinProperties=1 +type PrometheusConfig struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // By default, no additional Alertmanager instances are configured. + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Each entry must have a unique name field, which serves as the map key for server-side apply. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfig `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 1 byte. + // Maximum value is 1099511627776 (1TB). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1099511627776 + // +optional + EnforcedBodySizeLimitBytes int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=map + // +listMapKey=key + ExternalLabels []Label `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. 
+ // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // Maximum of 10 node selector key-value pairs can be specified. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must be between 1 and 255 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.startsWith('/') || !self.contains('/')",message="must be an absolute path starting with '/' or a simple filename without '/'" + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/dev/') || self in ['/dev/stdout', '/dev/stderr', '/dev/null']",message="only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths" + QueryLogFile string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. 
+ // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Each entry must have a unique URL. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=url + // +optional + RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // Each entry must have a unique resource name. + // Minimum of 1 and maximum of 10 resource entries can be specified. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // - name: memory + // request: 40Mi + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + // +optional + Retention Retention `json:"retention,omitempty,omitzero"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. 
+ // Maximum length for this list is 10 + // Minimum length for this list is 1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. 
+ // +optional + CollectionProfile CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + // +optional + VolumeClaimTemplate VolumeClaimConfig `json:"volumeClaimTemplate,omitempty,omitzero"` +} + + +type AlertmanagerScheme string + +const ( + AlertmanagerSchemeHTTP AlertmanagerScheme = "HTTP" + AlertmanagerSchemeHTTPS AlertmanagerScheme = "HTTPS" +) + +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfig struct { + // name is a unique identifier for this Alertmanager configuration entry. + // This field is used as the map key for server-side apply, allowing multiple + // controllers (e.g., ACM, cluster admins) to independently manage their own entries. + // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Maximum length is 253 characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$')",message="must be a valid DNS subdomain: lowercase alphanumeric, hyphens, or periods" + // +required + Name string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. 
+ // +optional + Authorization AuthorizationConfig `json:"authorization,omitempty,omitzero"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // Must start with "/" and not end with "/" (unless it is the root path "/"). + // Must not contain query strings ("?") or fragments ("#"). + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="self.startsWith('/')",message="pathPrefix must start with '/'" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/') || self == '/'",message="pathPrefix must not end with '/' (except for root '/')" + // +kubebuilder:validation:XValidation:rule="!self.contains('?') && !self.contains('#')",message="pathPrefix must not contain '?' or '#'" + // +optional + PathPrefix string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, defaults to `HTTP`. + // +kubebuilder:validation:Enum=HTTP;HTTPS + // +kubebuilder:default=HTTP + // +optional + Scheme AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). 
+ // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MaxLength=255 + // +kubebuilder:validation:items:XValidation:rule="isURL('http://' + self) && url('http://' + self).getHostname() != '' && url('http://' + self).getPort() != '' && int(url('http://' + self).getPort()) >= 1 && int(url('http://' + self).getPort()) <= 65535",message="must be a valid 'host:port' where host is a DNS name, IPv4, or IPv6 address (in brackets), and port is 1-65535" + // +listType=set + // +required + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + // +optional + TimeoutSeconds int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` +} + +// Label represents a key/value pair for external labels. +type Label struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Key string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Value string `json:"value,omitempty"` +} + + +// RemoteWriteSpec represents configuration for remote write endpoints. 
+type RemoteWriteSpec struct {
+ // url is the URL of the remote write endpoint.
+ // Must be a valid URL with http or https scheme.
+ // Must be between 1 and 2048 characters in length.
+ // +required
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme"
+ URL string `json:"url,omitempty"`
+ // name is an optional identifier for this remote write configuration.
+ // When omitted, Prometheus generates a unique name automatically.
+ // Must contain only alphanumeric characters, hyphens, and underscores.
+ // Must be between 1 and 63 characters in length when specified.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores"
+ Name string `json:"name,omitempty"`
+ // remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint.
+ // When omitted, the default is 30 seconds.
+ // Minimum value is 1 second.
+ // Maximum value is 600 seconds (10 minutes).
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=600
+ // +optional
+ RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"`
+ // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint.
+ // When omitted, no relabeling is performed and all metrics are sent as-is.
+ // Maximum of 10 relabeling rules can be specified.
+ // Each rule must have a unique name.
+ // +optional
+ // +kubebuilder:validation:MaxItems=10
+ // +listType=map
+ // +listMapKey=name
+ WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"`
+}
+
+// RelabelConfig represents a relabeling rule.
+// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'HashMod'] ? has(self.targetLabel) && self.targetLabel != '' : true",message="targetLabel is required when action is Replace or HashMod"
+type RelabelConfig struct {
+ // name is a unique identifier for this relabel configuration.
+ // Must contain only alphanumeric characters, hyphens, and underscores.
+ // Must be between 1 and 63 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores"
+ Name string `json:"name,omitempty"`
+ // sourceLabels specifies which label names to extract from each series for this relabeling rule.
+ // Each entry must be a valid label name (non-empty).
+ // The values of these labels are joined together using the configured separator,
+ // and the resulting string is then matched against the regular expression for
+ // the replace, keep, or drop actions.
+ // If a referenced label does not exist on a series, Prometheus substitutes an empty string.
+ // When omitted, the rule operates without extracting source labels (useful for actions like labelmap).
+ // Maximum of 10 source labels can be specified, each between 1 and 128 characters.
+ // +optional
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:items:MinLength=1
+ // +kubebuilder:validation:items:MaxLength=128
+ // +listType=set
+ SourceLabels []string `json:"sourceLabels,omitempty"`
+ // separator is the character sequence used to join source label values.
+ // Common examples: ";" (default), ",", "::", "|||".
+ // When omitted, defaults to ";" (semicolon).
+ // Must be between 1 and 5 characters in length when specified.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=5
+ Separator string `json:"separator,omitempty"`
+ // regex is the regular expression to match against the concatenated source label values.
+ // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax).
+ // When omitted, defaults to "(.*)" (matches everything).
+ // Must be between 1 and 1000 characters in length when specified.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=1000
+ Regex string `json:"regex,omitempty"`
+ // targetLabel is the target label name where the result is written.
+ // Required for Replace and HashMod actions (enforced by validation).
+ // When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set.
+ // Must be between 1 and 128 characters in length when specified.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ TargetLabel string `json:"targetLabel,omitempty"`
+ // replacement is the value against which a regex replace is performed if the
+ // regular expression matches. Regex capture groups are available (e.g., $1, $2).
+ // When omitted, defaults to "$1" (the first capture group).
+ // Setting to an empty string ("") explicitly clears the target label value.
+ // Must be at most 255 characters in length.
+ // +optional
+ // +kubebuilder:validation:MaxLength=255
+ Replacement *string `json:"replacement,omitempty"`
+ // action is the action to perform on the matched labels.
+ // Valid actions are:
+ // - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.
+ // - Keep: Keeps only metrics where regex matches the source labels.
+ // - Drop: Drops metrics where regex matches the source labels.
+ // - HashMod: Sets targetLabel to the hash modulus of the source labels.
+ // - LabelMap: Copies labels matching regex to new label names derived from replacement.
+ // - LabelDrop: Drops labels matching regex.
+ // - LabelKeep: Keeps only labels matching regex.
+ // +required
+ Action RelabelAction `json:"action,omitempty"`
+}
+
+// TLSConfig represents TLS configuration for Alertmanager connections.
+// At least one TLS configuration option must be specified.
+// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.
+// +kubebuilder:validation:MinProperties=1
+// +kubebuilder:validation:XValidation:rule="(has(self.cert) && has(self.key)) || (!has(self.cert) && !has(self.key))",message="cert and key must both be specified together for mutual TLS, or both be omitted"
+type TLSConfig struct {
+ // ca is an optional CA certificate to use for TLS connections.
+ // When omitted, the system's default CA bundle is used.
+ // +optional
+ CA SecretKeySelector `json:"ca,omitempty,omitzero"`
+ // cert is an optional client certificate to use for mutual TLS connections.
+ // When omitted, no client certificate is presented.
+ // +optional
+ Cert SecretKeySelector `json:"cert,omitempty,omitzero"`
+ // key is an optional client key to use for mutual TLS connections.
+ // When omitted, no client key is used.
+ // +optional
+ Key SecretKeySelector `json:"key,omitempty,omitzero"`
+ // serverName is an optional server name to use for TLS connections.
+ // When specified, must be a valid DNS subdomain as per RFC 1123.
+ // When omitted, the server name is derived from the URL.
+ // Must be between 1 and 253 characters in length.
+ // +optional
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid DNS subdomain (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)"
+ ServerName string `json:"serverName,omitempty"`
+ // certificateVerification determines the policy for TLS certificate verification.
+ // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure).
+ // When omitted, defaults to "Verify" (secure certificate verification is performed).
+ // +optional
+ // +kubebuilder:default=Verify
+ CertificateVerification CertificateVerificationType `json:"certificateVerification,omitempty"`
+}
+
+// CertificateVerificationType defines the TLS certificate verification policy.
+// +kubebuilder:validation:Enum=Verify;SkipVerify
+type CertificateVerificationType string
+
+const (
+ // CertificateVerificationVerify performs certificate verification (secure, recommended).
+ CertificateVerificationVerify CertificateVerificationType = "Verify"
+ // CertificateVerificationSkipVerify skips certificate verification (insecure, use with caution).
+ CertificateVerificationSkipVerify CertificateVerificationType = "SkipVerify"
+)
+
+// AuthorizationType defines the type of authentication to use.
+// +kubebuilder:validation:Enum=None;BearerToken
+type AuthorizationType string
+
+const (
+ // AuthorizationTypeNone indicates no authentication.
+ AuthorizationTypeNone AuthorizationType = "None"
+ // AuthorizationTypeBearerToken indicates bearer token authentication.
+ AuthorizationTypeBearerToken AuthorizationType = "BearerToken"
+)
+
+// AuthorizationConfig defines the authentication method for Alertmanager connections.
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ?
has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise"
+// +union
+type AuthorizationConfig struct {
+ // type specifies the authentication type to use.
+ // Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication).
+ // When set to None, no authentication credentials are sent.
+ // When set to BearerToken, the bearerToken field must be specified.
+ // +unionDiscriminator
+ // +required
+ Type AuthorizationType `json:"type,omitempty"`
+ // bearerToken defines the secret reference containing the bearer token.
+ // Required when type is "BearerToken", forbidden otherwise.
+ // The secret must exist in the openshift-monitoring namespace.
+ // +optional
+ BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"`
+}
+
+// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.
+// +structType=atomic
+type SecretKeySelector struct {
+ // name is the name of the secret in the `openshift-monitoring` namespace to select from.
+ // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric).
+ // Must be between 1 and 253 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid secret name (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)"
+ Name string `json:"name,omitempty"`
+ // key is the key of the secret to select from.
+ // Must consist of alphanumeric characters, '-', '_', or '.'.
+ // Must be between 1 and 253 characters in length.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="must contain only alphanumeric characters, '-', '_', or '.'"
+ Key string `json:"key,omitempty"`
+}
+
+// VolumeClaimConfig defines the configuration for a PersistentVolumeClaim used for storage.
+// +kubebuilder:validation:MinProperties=1
+type VolumeClaimConfig struct {
+ // storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim.
+ // When omitted, the default StorageClass is used.
+ // Must be a valid DNS subdomain name (RFC 1123) when specified.
+ // Maximum length is 253 characters.
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="storageClassName must be a valid DNS subdomain name"
+ // +optional
+ StorageClassName *string `json:"storageClassName,omitempty"`
+ // sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume.
+ // This determines how much data can be stored.
+ // Minimum value is 1 GiB.
+ // Maximum value is 16384 GiB (16 TiB).
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=16384
+ // +required
+ SizeInGiB int32 `json:"sizeInGiB,omitempty"`
+}
+
+// Retention configures how long Prometheus retains metrics data and how much storage it can use.
+// +kubebuilder:validation:MinProperties=1
+type Retention struct {
+ // durationInDays specifies how many days Prometheus will retain metrics data.
+ // Prometheus automatically deletes data older than this duration.
+ // When omitted, the default is 15 days.
+ // Minimum value is 1 day.
+ // Maximum value is 365 days (1 year).
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=365
+ // +optional
+ DurationInDays int32 `json:"durationInDays,omitempty"`
+ // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus
+ // can use for data blocks and the write-ahead log (WAL).
+ // When the limit is reached, Prometheus will delete oldest data first.
+ // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.
+ // Minimum value is 1 GiB.
+ // Maximum value is 16384 GiB (16 TiB).
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=16384
+ // +optional
+ SizeInGiB int32 `json:"sizeInGiB,omitempty"`
+}
+
+// RelabelAction defines the action to perform in a relabeling rule.
+// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep
+type RelabelAction string
+
+const (
+ // RelabelActionReplace replaces the target label with the replacement value.
+ RelabelActionReplace RelabelAction = "Replace"
+ // RelabelActionKeep keeps metrics that match the regex.
+ RelabelActionKeep RelabelAction = "Keep"
+ // RelabelActionDrop drops metrics that match the regex.
+ RelabelActionDrop RelabelAction = "Drop"
+ // RelabelActionHashMod sets the target label to the modulus of a hash of the source labels.
+ RelabelActionHashMod RelabelAction = "HashMod"
+ // RelabelActionLabelMap maps label names based on regex matching.
+ RelabelActionLabelMap RelabelAction = "LabelMap"
+ // RelabelActionLabelDrop removes labels that match the regex.
+ RelabelActionLabelDrop RelabelAction = "LabelDrop"
+ // RelabelActionLabelKeep removes labels that do not match the regex.
+ RelabelActionLabelKeep RelabelAction = "LabelKeep"
+)
+
+// CollectionProfile defines the metrics collection profile for Prometheus.
+// +kubebuilder:validation:Enum=Full;Minimal
+type CollectionProfile string
+
+const (
+ // CollectionProfileFull means Prometheus collects all metrics that are exposed by the platform components.
+ CollectionProfileFull CollectionProfile = "Full"
+ // CollectionProfileMinimal means Prometheus only collects metrics necessary for the default
+ // platform alerts, recording rules, telemetry and console dashboards.
+ CollectionProfileMinimal CollectionProfile = "Minimal"
+)
+
 // AuditProfile defines the audit log level for the Metrics Server.
 // +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse
 type AuditProfile string
diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml
index ff4cf49c6d9..7eafe6526f6 100644
--- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml
+++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml
@@ -452,428 +452,36 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. + minProperties: 1 properties: - apiVersion: + sizeInGiB: description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 type: string - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. 
This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. 
Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
- If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - description: |- - When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that update and let other controllers - handle it. 
- type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nClaimResourceStatus - can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState - set when resize controller starts resizing the volume - in control-plane.\n\t- ControllerResizeFailed:\n\t\tState - set when resize has failed in resize controller - with a terminal error.\n\t- NodeResizePending:\n\t\tState - set when resize controller has finished resizing - the volume but further resizing of\n\t\tvolume is - needed on the node.\n\t- NodeResizeInProgress:\n\t\tState - set when kubelet starts resizing the volume.\n\t- - NodeResizeFailed:\n\t\tState set when resizing has - failed in kubelet with a terminal error. Transient - errors don't set\n\t\tNodeResizeFailed.\nFor example: - if expanding a PVC for more capacity - this field - can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\"\nWhen this field is not set, - it means that no resize operation is in progress - for the given PVC.\n\nA controller that receives - PVC update with previously unknown resourceName - or ClaimResourceStatus\nshould ignore the update - for the purpose it was designed. 
For example - a - controller that\nonly is responsible for resizing - capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with - PVC.\n\nThis is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nCapacity reported - here may be larger than the actual capacity when - a volume expansion operation\nis requested.\nFor - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used.\nIf allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation.\nIf a volume expansion capacity - request is lowered, allocatedResources is only\nlowered - if there are no expansion operations in progress - and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\nA controller that - receives PVC update with previously unknown resourceName\nshould - ignore the update for the purpose it was designed. 
- For example - a controller that\nonly is responsible - for resizing capacity of the volume, should ignore - PVC updates that change other valid\nresources associated - with PVC.\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'Resizing'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "Resizing" that means the underlying - persistent volume is being resized. - type: string - status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. - More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required - type: string - type: - description: |- - Type is the type of the condition. 
- More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - description: |- - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - type: string - modifyVolumeStatus: - description: |- - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. - When this is unset, there is no ModifyVolume operation being attempted. - properties: - status: - description: "status is the status of the ControllerModifyVolume - operation. It can be in any of following states:\n - - Pending\n Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, - such as\n the specified VolumeAttributesClass - not existing.\n - InProgress\n InProgress - indicates that the volume is being modified.\n - - Infeasible\n Infeasible indicates that the - request has been rejected as invalid by the - CSI driver. To\n\t resolve the error, a valid - VolumeAttributesClass needs to be specified.\nNote: - New statuses can be added in the future. Consumers - should check for unknown statuses and fail appropriately." - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is - the name of the VolumeAttributesClass the PVC - currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of - PersistentVolumeClaim. 
- type: string - type: object + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB type: object type: object deploymentMode: 
@@ -1284,6 +892,994 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. 
+ The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. 
+ enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: 'must be a valid DNS subdomain: lowercase alphanumeric, + hyphens, or periods' + rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' 
or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && url('http://' + self).getHostname() + != '' && url('http://' + self).getPort() != '' && + int(url('http://' + self).getPort()) >= 1 && int(url('http://' + + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. 
+ properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + default: Verify + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, defaults to "Verify" (secure certificate verification is performed). + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. 
+ When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 1 byte. + Maximum value is 1099511627776 (1TB). + format: int64 + maximum: 1099511627776 + minimum: 1 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. 
+ When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must be between 1 and 255 characters in length. 
+ maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, defaults to "(.*)" (matches everything). 
+ Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement is the value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, defaults to "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";" (default), ",", "::", "|||". + When omitted, defaults to ";" (semicolon). + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Maximum of 10 source labels can be specified, each between 1 and 128 characters. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for Replace and HashMod actions (enforced by validation). + When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. + Must be between 1 and 128 characters in length when specified. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace + or HashMod + rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) + && self.targetLabel != '''' : true' + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. 
+ name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, the default is 15 days. + Minimum value is 1 day. + Maximum value is 365 days (1 year). 
+ format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + minProperties: 1 + properties: + sizeInGiB: + description: |- + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). 
+ format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: + description: |- + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB + type: object + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index ad94391c0fe..76831cf5c8e 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml 
@@ -452,428 +452,36 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. + minProperties: 1 properties: - apiVersion: + sizeInGiB: description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 type: string - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. 
This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. 
Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
- If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - description: |- - When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that update and let other controllers - handle it. 
- type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nClaimResourceStatus - can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState - set when resize controller starts resizing the volume - in control-plane.\n\t- ControllerResizeFailed:\n\t\tState - set when resize has failed in resize controller - with a terminal error.\n\t- NodeResizePending:\n\t\tState - set when resize controller has finished resizing - the volume but further resizing of\n\t\tvolume is - needed on the node.\n\t- NodeResizeInProgress:\n\t\tState - set when kubelet starts resizing the volume.\n\t- - NodeResizeFailed:\n\t\tState set when resizing has - failed in kubelet with a terminal error. Transient - errors don't set\n\t\tNodeResizeFailed.\nFor example: - if expanding a PVC for more capacity - this field - can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\"\nWhen this field is not set, - it means that no resize operation is in progress - for the given PVC.\n\nA controller that receives - PVC update with previously unknown resourceName - or ClaimResourceStatus\nshould ignore the update - for the purpose it was designed. 
For example - a - controller that\nonly is responsible for resizing - capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with - PVC.\n\nThis is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nCapacity reported - here may be larger than the actual capacity when - a volume expansion operation\nis requested.\nFor - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used.\nIf allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation.\nIf a volume expansion capacity - request is lowered, allocatedResources is only\nlowered - if there are no expansion operations in progress - and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\nA controller that - receives PVC update with previously unknown resourceName\nshould - ignore the update for the purpose it was designed. 
- For example - a controller that\nonly is responsible - for resizing capacity of the volume, should ignore - PVC updates that change other valid\nresources associated - with PVC.\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'Resizing'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "Resizing" that means the underlying - persistent volume is being resized. - type: string - status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. - More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required - type: string - type: - description: |- - Type is the type of the condition. 
- More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - description: |- - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - type: string - modifyVolumeStatus: - description: |- - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. - When this is unset, there is no ModifyVolume operation being attempted. - properties: - status: - description: "status is the status of the ControllerModifyVolume - operation. It can be in any of following states:\n - - Pending\n Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, - such as\n the specified VolumeAttributesClass - not existing.\n - InProgress\n InProgress - indicates that the volume is being modified.\n - - Infeasible\n Infeasible indicates that the - request has been rejected as invalid by the - CSI driver. To\n\t resolve the error, a valid - VolumeAttributesClass needs to be specified.\nNote: - New statuses can be added in the future. Consumers - should check for unknown statuses and fail appropriately." - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is - the name of the VolumeAttributesClass the PVC - currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of - PersistentVolumeClaim. 
- type: string - type: object + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB type: object type: object deploymentMode: 
@@ -1284,6 +892,994 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. 
+ The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. 
+ enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: 'must be a valid DNS subdomain: lowercase alphanumeric, + hyphens, or periods' + rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' 
or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && url('http://' + self).getHostname() + != '' && url('http://' + self).getPort() != '' && + int(url('http://' + self).getPort()) >= 1 && int(url('http://' + + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. 
+ properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + default: Verify + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, defaults to "Verify" (secure certificate verification is performed). + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. 
+ When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 1 byte. + Maximum value is 1099511627776 (1TB). + format: int64 + maximum: 1099511627776 + minimum: 1 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. 
+ When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must be between 1 and 255 characters in length. 
+ maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, defaults to "(.*)" (matches everything). 
+ Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement is the value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, defaults to "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";" (default), ",", "::", "|||". + When omitted, defaults to ";" (semicolon). + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Maximum of 10 source labels can be specified, each between 1 and 128 characters. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for Replace and HashMod actions (enforced by validation). + When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. + Must be between 1 and 128 characters in length when specified. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace + or HashMod + rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) + && self.targetLabel != '''' : true' + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. 
+ name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, the default is 15 days. + Minimum value is 1 day. + Maximum value is 365 days (1 year). 
+ format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + minProperties: 1 + properties: + sizeInGiB: + description: |- + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). 
+ format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: + description: |- + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB + type: object + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 5908ec3a253..197b24e4797 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml 
@@ -452,428 +452,36 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. + minProperties: 1 properties: - apiVersion: + sizeInGiB: description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 type: string - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. 
This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. 
Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
- If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - description: |- - When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that update and let other controllers - handle it. 
- type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nClaimResourceStatus - can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState - set when resize controller starts resizing the volume - in control-plane.\n\t- ControllerResizeFailed:\n\t\tState - set when resize has failed in resize controller - with a terminal error.\n\t- NodeResizePending:\n\t\tState - set when resize controller has finished resizing - the volume but further resizing of\n\t\tvolume is - needed on the node.\n\t- NodeResizeInProgress:\n\t\tState - set when kubelet starts resizing the volume.\n\t- - NodeResizeFailed:\n\t\tState set when resizing has - failed in kubelet with a terminal error. Transient - errors don't set\n\t\tNodeResizeFailed.\nFor example: - if expanding a PVC for more capacity - this field - can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\"\nWhen this field is not set, - it means that no resize operation is in progress - for the given PVC.\n\nA controller that receives - PVC update with previously unknown resourceName - or ClaimResourceStatus\nshould ignore the update - for the purpose it was designed. 
For example - a - controller that\nonly is responsible for resizing - capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with - PVC.\n\nThis is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nCapacity reported - here may be larger than the actual capacity when - a volume expansion operation\nis requested.\nFor - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used.\nIf allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation.\nIf a volume expansion capacity - request is lowered, allocatedResources is only\nlowered - if there are no expansion operations in progress - and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\nA controller that - receives PVC update with previously unknown resourceName\nshould - ignore the update for the purpose it was designed. 
- For example - a controller that\nonly is responsible - for resizing capacity of the volume, should ignore - PVC updates that change other valid\nresources associated - with PVC.\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'Resizing'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "Resizing" that means the underlying - persistent volume is being resized. - type: string - status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. - More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required - type: string - type: - description: |- - Type is the type of the condition. 
- More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - description: |- - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - type: string - modifyVolumeStatus: - description: |- - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. - When this is unset, there is no ModifyVolume operation being attempted. - properties: - status: - description: "status is the status of the ControllerModifyVolume - operation. It can be in any of following states:\n - - Pending\n Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, - such as\n the specified VolumeAttributesClass - not existing.\n - InProgress\n InProgress - indicates that the volume is being modified.\n - - Infeasible\n Infeasible indicates that the - request has been rejected as invalid by the - CSI driver. To\n\t resolve the error, a valid - VolumeAttributesClass needs to be specified.\nNote: - New statuses can be added in the future. Consumers - should check for unknown statuses and fail appropriately." - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is - the name of the VolumeAttributesClass the PVC - currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of - PersistentVolumeClaim. 
- type: string - type: object + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB type: object type: object deploymentMode: 
@@ -1284,6 +892,994 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. 
+ The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. 
+ enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: 'must be a valid DNS subdomain: lowercase alphanumeric, + hyphens, or periods' + rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' 
or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && url('http://' + self).getHostname() + != '' && url('http://' + self).getPort() != '' && + int(url('http://' + self).getPort()) >= 1 && int(url('http://' + + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. 
+ properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + default: Verify + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, defaults to "Verify" (secure certificate verification is performed). + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. 
+ When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 1 byte. + Maximum value is 1099511627776 (1TB). + format: int64 + maximum: 1099511627776 + minimum: 1 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. 
+ When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must be between 1 and 255 characters in length. 
+ maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, defaults to "(.*)" (matches everything). 
+ Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement is the value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, defaults to "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";" (default), ",", "::", "|||". + When omitted, defaults to ";" (semicolon). + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Maximum of 10 source labels can be specified, each between 1 and 128 characters. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for Replace and HashMod actions (enforced by validation). + When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. + Must be between 1 and 128 characters in length when specified. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace + or HashMod + rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) + && self.targetLabel != '''' : true' + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. 
+ name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, the default is 15 days. + Minimum value is 1 day. + Maximum value is 365 days (1 year). 
+ format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + minProperties: 1 + properties: + sizeInGiB: + description: |- + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). 
+ format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: + description: |- + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB + type: object + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index 9ead6aba26b..abd349ce288 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -11,6 +11,29 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalAlertmanagerConfig) DeepCopyInto(out *AdditionalAlertmanagerConfig) { + *out = *in + out.Authorization = in.Authorization + if in.StaticConfigs != nil { + in, out := &in.StaticConfigs, &out.StaticConfigs + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.TLSConfig = in.TLSConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalAlertmanagerConfig. +func (in *AdditionalAlertmanagerConfig) DeepCopy() *AdditionalAlertmanagerConfig { + if in == nil { + return nil + } + out := new(AdditionalAlertmanagerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { *out = *in 
@@ -64,11 +87,7 @@ func (in *AlertmanagerCustomConfig) DeepCopyInto(out *AlertmanagerCustomConfig) (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.VolumeClaimTemplate != nil { - in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate - *out = new(v1.PersistentVolumeClaim) - (*in).DeepCopyInto(*out) - } + in.VolumeClaimTemplate.DeepCopyInto(&out.VolumeClaimTemplate) return } @@ -98,6 +117,23 @@ func (in *Audit) DeepCopy() *Audit { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationConfig) DeepCopyInto(out *AuthorizationConfig) { + *out = *in + out.BearerToken = in.BearerToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfig. +func (in *AuthorizationConfig) DeepCopy() *AuthorizationConfig { + if in == nil { + return nil + } + out := new(AuthorizationConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -364,6 +400,7 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in out.UserDefined = in.UserDefined in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) + in.PrometheusConfig.DeepCopyInto(&out.PrometheusConfig) in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) return } 
@@ -753,6 +790,22 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Label) DeepCopyInto(out *Label) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Label. +func (in *Label) DeepCopy() *Label { + if in == nil { + return nil + } + out := new(Label) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MetricsServerConfig) DeepCopyInto(out *MetricsServerConfig) { *out = *in 
@@ -952,6 +1005,136 @@ func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { + *out = *in + if in.AdditionalAlertmanagerConfigs != nil { + in, out := &in.AdditionalAlertmanagerConfigs, &out.AdditionalAlertmanagerConfigs + *out = make([]AdditionalAlertmanagerConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalLabels != nil { + in, out := &in.ExternalLabels, &out.ExternalLabels + *out = make([]Label, len(*in)) + copy(*out, *in) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.RemoteWrite != nil { + in, out := &in.RemoteWrite, &out.RemoteWrite + *out = make([]RemoteWriteSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.Retention = in.Retention + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.VolumeClaimTemplate.DeepCopyInto(&out.VolumeClaimTemplate) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig. 
+func (in *PrometheusConfig) DeepCopy() *PrometheusConfig { + if in == nil { + return nil + } + out := new(PrometheusConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { + *out = *in + if in.SourceLabels != nil { + in, out := &in.SourceLabels, &out.SourceLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelConfig. +func (in *RelabelConfig) DeepCopy() *RelabelConfig { + if in == nil { + return nil + } + out := new(RelabelConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { + *out = *in + if in.WriteRelabelConfigs != nil { + in, out := &in.WriteRelabelConfigs, &out.WriteRelabelConfigs + *out = make([]RelabelConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteSpec. +func (in *RemoteWriteSpec) DeepCopy() *RemoteWriteSpec { + if in == nil { + return nil + } + out := new(RemoteWriteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Retention) DeepCopyInto(out *Retention) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retention. 
+func (in *Retention) DeepCopy() *Retention { + if in == nil { + return nil + } + out := new(Retention) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) { *out = *in @@ -1010,6 +1193,22 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in @@ -1031,6 +1230,25 @@ func (in *Storage) DeepCopy() *Storage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + out.CA = in.CA + out.Cert = in.Cert + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in 
@@ -1046,3 +1264,24 @@ func (in *UserDefinedMonitoring) DeepCopy() *UserDefinedMonitoring { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumeClaimConfig) DeepCopyInto(out *VolumeClaimConfig) { + *out = *in + if in.StorageClassName != nil { + in, out := &in.StorageClassName, &out.StorageClassName + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeClaimConfig. +func (in *VolumeClaimConfig) DeepCopy() *VolumeClaimConfig { + if in == nil { + return nil + } + out := new(VolumeClaimConfig) + in.DeepCopyInto(out) + return out +} diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 0039363709c..1669a13655b 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml 
@@ -452,428 +452,36 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. + minProperties: 1 properties: - apiVersion: + sizeInGiB: description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 type: string - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. 
This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. 
Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
- If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - description: |- - When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that update and let other controllers - handle it. 
- type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nClaimResourceStatus - can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState - set when resize controller starts resizing the volume - in control-plane.\n\t- ControllerResizeFailed:\n\t\tState - set when resize has failed in resize controller - with a terminal error.\n\t- NodeResizePending:\n\t\tState - set when resize controller has finished resizing - the volume but further resizing of\n\t\tvolume is - needed on the node.\n\t- NodeResizeInProgress:\n\t\tState - set when kubelet starts resizing the volume.\n\t- - NodeResizeFailed:\n\t\tState set when resizing has - failed in kubelet with a terminal error. Transient - errors don't set\n\t\tNodeResizeFailed.\nFor example: - if expanding a PVC for more capacity - this field - can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\"\nWhen this field is not set, - it means that no resize operation is in progress - for the given PVC.\n\nA controller that receives - PVC update with previously unknown resourceName - or ClaimResourceStatus\nshould ignore the update - for the purpose it was designed. 
For example - a - controller that\nonly is responsible for resizing - capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with - PVC.\n\nThis is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nCapacity reported - here may be larger than the actual capacity when - a volume expansion operation\nis requested.\nFor - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used.\nIf allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation.\nIf a volume expansion capacity - request is lowered, allocatedResources is only\nlowered - if there are no expansion operations in progress - and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\nA controller that - receives PVC update with previously unknown resourceName\nshould - ignore the update for the purpose it was designed. 
- For example - a controller that\nonly is responsible - for resizing capacity of the volume, should ignore - PVC updates that change other valid\nresources associated - with PVC.\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'Resizing'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "Resizing" that means the underlying - persistent volume is being resized. - type: string - status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. - More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required - type: string - type: - description: |- - Type is the type of the condition. 
- More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - description: |- - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - type: string - modifyVolumeStatus: - description: |- - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. - When this is unset, there is no ModifyVolume operation being attempted. - properties: - status: - description: "status is the status of the ControllerModifyVolume - operation. It can be in any of following states:\n - - Pending\n Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, - such as\n the specified VolumeAttributesClass - not existing.\n - InProgress\n InProgress - indicates that the volume is being modified.\n - - Infeasible\n Infeasible indicates that the - request has been rejected as invalid by the - CSI driver. To\n\t resolve the error, a valid - VolumeAttributesClass needs to be specified.\nNote: - New statuses can be added in the future. Consumers - should check for unknown statuses and fail appropriately." - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is - the name of the VolumeAttributesClass the PVC - currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of - PersistentVolumeClaim. 
- type: string - type: object + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB type: object type: object deploymentMode: 
@@ -1284,6 +892,994 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. 
+ The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. 
+ enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: 'must be a valid DNS subdomain: lowercase alphanumeric, + hyphens, or periods' + rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' 
or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && url('http://' + self).getHostname() + != '' && url('http://' + self).getPort() != '' && + int(url('http://' + self).getPort()) >= 1 && int(url('http://' + + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. 
+ properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + default: Verify + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, defaults to "Verify" (secure certificate verification is performed). + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. 
+ When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 1 byte. + Maximum value is 1099511627776 (1TB). + format: int64 + maximum: 1099511627776 + minimum: 1 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. 
+ When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must be between 1 and 255 characters in length. 
+ maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, defaults to "(.*)" (matches everything). 
+ Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement is the value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, defaults to "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";" (default), ",", "::", "|||". + When omitted, defaults to ";" (semicolon). + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Maximum of 10 source labels can be specified, each between 1 and 128 characters. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for Replace and HashMod actions (enforced by validation). + When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. + Must be between 1 and 128 characters in length when specified. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace + or HashMod + rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) + && self.targetLabel != '''' : true' + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. 
+ name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, the default is 15 days. + Minimum value is 1 day. + Maximum value is 365 days (1 year). 
+ format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + minProperties: 1 + properties: + sizeInGiB: + description: |- + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). 
+ format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: + description: |- + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB + type: object + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 59a5b370856..26cb0145d85 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -118,6 +118,21 @@ func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { return map_ClusterImagePolicyStatus } +var map_AdditionalAlertmanagerConfig = map[string]string{ + "": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "name": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. 
Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints).", + "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", +} + +func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { + return map_AdditionalAlertmanagerConfig +} + var map_AlertmanagerConfig = map[string]string{ "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", 
@@ -136,7 +151,7 @@ var map_AlertmanagerCustomConfig = map[string]string{ "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. 
Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", } func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { 
@@ -152,6 +167,16 @@ func (Audit) SwaggerDoc() map[string]string { return map_Audit } +var map_AuthorizationConfig = map[string]string{ + "": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", +} + +func (AuthorizationConfig) SwaggerDoc() map[string]string { + return map_AuthorizationConfig +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", 
@@ -177,6 +202,7 @@ var map_ClusterMonitoringSpec = map[string]string{ "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "prometheusConfig": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } @@ -203,6 +229,16 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_Label = map[string]string{ + "": "Label represents a key/value pair for external labels.", + "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "value": "value is the value of the label. Must be between 1 and 128 characters in length.", +} + +func (Label) SwaggerDoc() map[string]string { + return map_Label +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", 
@@ -217,6 +253,87 @@ func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } +var map_PrometheusConfig = map[string]string{ + "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 1 byte. 
Maximum value is 1099511627776 (1TB).", + "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", + "queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. 
Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must be between 1 and 255 characters in length.", + "remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique URL.", + "resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", + "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. 
Maximum length for this list is 10 Minimum length for this list is 1", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "collectionProfile": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", +} + +func (PrometheusConfig) SwaggerDoc() map[string]string { + return map_PrometheusConfig +} + +var map_RelabelConfig = map[string]string{ + "": "RelabelConfig represents a relabeling rule.", + "name": "name is a unique identifier for this relabel configuration. 
Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Maximum of 10 source labels can be specified, each between 1 and 128 characters.", + "separator": "separator is the character sequence used to join source label values. Common examples: \";\" (default), \",\", \"::\", \"|||\". When omitted, defaults to \";\" (semicolon). Must be between 1 and 5 characters in length when specified.", + "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, defaults to \"(.*)\" (matches everything). Must be between 1 and 1000 characters in length when specified.", + "targetLabel": "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions (enforced by validation). When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", + "replacement": "replacement is the value against which a regex replace is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, defaults to \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. 
Must be at most 255 characters in length.", + "action": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", +} + +func (RelabelConfig) SwaggerDoc() map[string]string { + return map_RelabelConfig +} + +var map_RemoteWriteSpec = map[string]string{ + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "name": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "remoteTimeoutSeconds": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Maximum of 10 relabeling rules can be specified. 
Each rule must have a unique name.", +} + +func (RemoteWriteSpec) SwaggerDoc() map[string]string { + return map_RemoteWriteSpec +} + +var map_Retention = map[string]string{ + "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "durationInDays": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, the default is 15 days. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "sizeInGiB": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", +} + +func (Retention) SwaggerDoc() map[string]string { + return map_Retention +} + +var map_SecretKeySelector = map[string]string{ + "": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "name": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "key": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", +} + +func (SecretKeySelector) SwaggerDoc() map[string]string { + return map_SecretKeySelector +} + +var map_TLSConfig = map[string]string{ + "": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "ca": "ca is an optional CA certificate to use for TLS connections. 
When omitted, the system's default CA bundle is used.", + "cert": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "key": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "serverName": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "certificateVerification": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, defaults to \"Verify\" (secure certificate verification is performed).", +} + +func (TLSConfig) SwaggerDoc() map[string]string { + return map_TLSConfig +} + var map_UserDefinedMonitoring = map[string]string{ "": "UserDefinedMonitoring config for user-defined projects.", "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", 
@@ -226,6 +343,16 @@ func (UserDefinedMonitoring) SwaggerDoc() map[string]string { return map_UserDefinedMonitoring } +var map_VolumeClaimConfig = map[string]string{ + "": "VolumeClaimConfig defines the configuration for a PersistentVolumeClaim used for storage.", + "storageClassName": "storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. When omitted, the default StorageClass is used. Must be a valid DNS subdomain name (RFC 1123) when specified. Maximum length is 253 characters.", + "sizeInGiB": "sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. This determines how much data can be stored. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", +} + +func (VolumeClaimConfig) SwaggerDoc() map[string]string { + return map_VolumeClaimConfig +} + var map_ImagePolicy = map[string]string{ "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 48c8b7cd56c..a802aff348d 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go 
@@ -442,9 +442,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.VSpherePlatformTopology": schema_openshift_api_config_v1_VSpherePlatformTopology(ref), "github.com/openshift/api/config/v1.VSpherePlatformVCenterSpec": schema_openshift_api_config_v1_VSpherePlatformVCenterSpec(ref), "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig": schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig": schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref), "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), 
@@ -472,6 +474,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), "github.com/openshift/api/config/v1alpha1.PKICertificateSubject": schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref), "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), 
@@ -481,11 +484,18 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository": schema_openshift_api_config_v1alpha1_PolicyMatchExactRepository(ref), "github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1alpha1_PolicyMatchRemapIdentity(ref), "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust": schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusConfig": schema_openshift_api_config_v1alpha1_PrometheusConfig(ref), + "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), + "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), + "github.com/openshift/api/config/v1alpha1.Retention": schema_openshift_api_config_v1alpha1_Retention(ref), "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), + "github.com/openshift/api/config/v1alpha1.SecretKeySelector": schema_openshift_api_config_v1alpha1_SecretKeySelector(ref), "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), + "github.com/openshift/api/config/v1alpha1.TLSConfig": schema_openshift_api_config_v1alpha1_TLSConfig(ref), "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), + "github.com/openshift/api/config/v1alpha1.VolumeClaimConfig": schema_openshift_api_config_v1alpha1_VolumeClaimConfig(ref), "github.com/openshift/api/config/v1alpha2.Custom": 
schema_openshift_api_config_v1alpha2_Custom(ref), "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), "github.com/openshift/api/config/v1alpha2.GathererConfig": schema_openshift_api_config_v1alpha2_GathererConfig(ref), 
@@ -22105,6 +22115,84 @@ func schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "authorization": { + SchemaProps: spec.SchemaProps{ + Description: "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.AuthorizationConfig"), + }, + }, + "pathPrefix": { + SchemaProps: spec.SchemaProps{ + Description: "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. 
Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", + Type: []string{"string"}, + Format: "", + }, + }, + "scheme": { + SchemaProps: spec.SchemaProps{ + Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, defaults to `HTTP`.", + Type: []string{"string"}, + Format: "", + }, + }, + "staticConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "timeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "tlsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tlsConfig defines the TLS settings to use for Alertmanager connections. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), + }, + }, + }, + Required: []string{"name", "staticConfigs"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, + } +} + func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -22251,15 +22339,16 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re }, "volumeClaimTemplate": { SchemaProps: spec.SchemaProps{ - Description: "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaim"), + Description: "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.VolumeClaimConfig"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, + "github.com/openshift/api/config/v1alpha1.ContainerResource", "github.com/openshift/api/config/v1alpha1.VolumeClaimConfig", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, } } 
@@ -22284,6 +22373,48 @@ func schema_openshift_api_config_v1alpha1_Audit(ref common.ReferenceCallback) co } } +func schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AuthorizationConfig defines the authentication method for Alertmanager connections.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "bearerToken": "BearerToken", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -22719,6 +22850,13 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerConfig"), }, }, + "prometheusConfig": { + SchemaProps: spec.SchemaProps{ + Description: "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusConfig"), + }, + }, "metricsServerConfig": { SchemaProps: spec.SchemaProps{ Description: "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", 
@@ -22730,7 +22868,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.PrometheusConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, } } @@ -23313,6 +23451,34 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.Re } } +func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Label represents a key/value pair for external labels.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the value of the label. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"key", "value"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23686,100 +23852,498 @@ func schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref common.Reference } } -func schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + Description: "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxNumberOfBackups": { + "additionalAlertmanagerConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", - Default: 0, + Description: "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. 
When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig"), + }, + }, + }, + }, + }, + "enforcedBodySizeLimitBytes": { + SchemaProps: spec.SchemaProps{ + Description: "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 1 byte. Maximum value is 1099511627776 (1TB).", Type: []string{"integer"}, - Format: "int32", + Format: "int64", }, }, - }, - Required: []string{"maxNumberOfBackups"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_RetentionPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "RetentionPolicy defines the retention policy for retaining and deleting existing backups. 
This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "retentionType": { + "externalLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", - Default: "", + Description: "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. 
When omitted, no external labels are applied.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Label"), + }, + }, + }, + }, + }, + "logLevel": { + SchemaProps: spec.SchemaProps{ + Description: "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"RetentionNumber", "RetentionSize"}, }, }, - "retentionNumber": { + "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "retentionNumber configures the retention policy based on the number of backups", - Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionNumberConfig"), + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. 
Maximum of 10 node selector key-value pairs can be specified.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "retentionSize": { + "queryLogFile": { SchemaProps: spec.SchemaProps{ - Description: "retentionSize configures the retention policy based on the size of backups", - Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"), + Description: "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. 
Must be between 1 and 255 characters in length.", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"retentionType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "retentionType", - "fields-to-discriminateBy": map[string]interface{}{ - "retentionNumber": "RetentionNumber", - "retentionSize": "RetentionSize", + "remoteWrite": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "url", + }, + "x-kubernetes-list-type": "map", }, }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig", "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"}, - } -} - -func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "maxSizeOfBackupsGb": { SchemaProps: spec.SchemaProps{ - Description: "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). 
Each entry must have a unique URL.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteSpec"), + }, + }, + }, }, }, - }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "retention": { + SchemaProps: spec.SchemaProps{ + Description: "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Retention"), + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. 
tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.Toleration"), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), + }, + }, + }, + }, + }, + "collectionProfile": { + SchemaProps: spec.SchemaProps{ + Description: "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. 
In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + Type: []string{"string"}, + Format: "", + }, + }, + "volumeClaimTemplate": { + SchemaProps: spec.SchemaProps{ + Description: "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.VolumeClaimConfig"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.ContainerResource", "github.com/openshift/api/config/v1alpha1.Label", "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec", "github.com/openshift/api/config/v1alpha1.Retention", "github.com/openshift/api/config/v1alpha1.VolumeClaimConfig", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, + } +} + +func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RelabelConfig represents a relabeling rule.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. 
Must be between 1 and 63 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "sourceLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Maximum of 10 source labels can be specified, each between 1 and 128 characters.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "separator": { + SchemaProps: spec.SchemaProps{ + Description: "separator is the character sequence used to join source label values. Common examples: \";\" (default), \",\", \"::\", \"|||\". When omitted, defaults to \";\" (semicolon). Must be between 1 and 5 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "regex": { + SchemaProps: spec.SchemaProps{ + Description: "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, defaults to \"(.*)\" (matches everything). Must be between 1 and 1000 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the target label name where the result is written. 
Required for Replace and HashMod actions (enforced by validation). When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "replacement": { + SchemaProps: spec.SchemaProps{ + Description: "replacement is the value against which a regex replace is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, defaults to \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "action"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RemoteWriteSpec represents configuration for remote write endpoints.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "url": { + SchemaProps: spec.SchemaProps{ + Description: "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. 
Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "remoteTimeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "writeRelabelConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Maximum of 10 relabeling rules can be specified. 
Each rule must have a unique name.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelConfig"), + }, + }, + }, + }, + }, + }, + Required: []string{"url"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.RelabelConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_Retention(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "durationInDays": { + SchemaProps: spec.SchemaProps{ + Description: "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, the default is 15 days. Minimum value is 1 day. Maximum value is 365 days (1 year).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "sizeInGiB": { + SchemaProps: spec.SchemaProps{ + Description: "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. 
Maximum value is 16384 GiB (16 TiB).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "maxNumberOfBackups": { + SchemaProps: spec.SchemaProps{ + Description: "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + Required: []string{"maxNumberOfBackups"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RetentionPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "retentionType": { + SchemaProps: spec.SchemaProps{ + Description: "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. 
The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", + Default: "", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"RetentionNumber", "RetentionSize"}, + }, + }, + "retentionNumber": { + SchemaProps: spec.SchemaProps{ + Description: "retentionNumber configures the retention policy based on the number of backups", + Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionNumberConfig"), + }, + }, + "retentionSize": { + SchemaProps: spec.SchemaProps{ + Description: "retentionSize configures the retention policy based on the size of backups", + Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"), + }, + }, + }, + Required: []string{"retentionType"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "retentionType", + "fields-to-discriminateBy": map[string]interface{}{ + "retentionNumber": "RetentionNumber", + "retentionSize": "RetentionSize", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig", "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "maxSizeOfBackupsGb": { + SchemaProps: spec.SchemaProps{ + Description: "maxSizeOfBackupsGb defines the total size in GB of backups to retain. 
If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, Required: []string{"maxSizeOfBackupsGb"}, }, }, } } +func schema_openshift_api_config_v1alpha1_SecretKeySelector(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "key"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "atomic", + }, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23810,6 +24374,56 @@ func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) } } +func schema_openshift_api_config_v1alpha1_TLSConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "cert": { + SchemaProps: spec.SchemaProps{ + Description: "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "serverName": { + SchemaProps: spec.SchemaProps{ + Description: "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. 
Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "certificateVerification": { + SchemaProps: spec.SchemaProps{ + Description: "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, defaults to \"Verify\" (secure certificate verification is performed).", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23833,6 +24447,34 @@ func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.Refer } } +func schema_openshift_api_config_v1alpha1_VolumeClaimConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "VolumeClaimConfig defines the configuration for a PersistentVolumeClaim used for storage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "storageClassName": { + SchemaProps: spec.SchemaProps{ + Description: "storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. When omitted, the default StorageClass is used. Must be a valid DNS subdomain name (RFC 1123) when specified. Maximum length is 253 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "sizeInGiB": { + SchemaProps: spec.SchemaProps{ + Description: "sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. This determines how much data can be stored. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + Required: []string{"sizeInGiB"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha2_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index c9a1a8d9a46..a87ef3c4b0d 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json 
@@ -6951,26 +6951,6 @@ } } }, - "com.github.openshift.api.config.v1.GCPServiceEndpoint": { - "description": "GCPServiceEndpoint store the configuration of a custom url to override existing defaults of GCP Services.", - "type": "object", - "required": [ - "name", - "url" - ], - "properties": { - "name": { - "description": "name is the name of the GCP service whose endpoint is being overridden. This must be provided and cannot be empty.\n\nAllowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, Storage, and TagManager.\n\nAs an example, when setting the name to Compute all requests made by the caller to the GCP Compute Service will be directed to the endpoint specified in the url field.", - "type": "string", - "default": "" - }, - "url": { - "description": "url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified in the name field. url is required, must use the scheme https, must not be more than 253 characters in length, and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL)\n\nAn example of a valid endpoint that overrides the Compute Service: \"https://compute-myendpoint1.p.googleapis.com\"", - "type": "string", - "default": "" - } - } - }, "com.github.openshift.api.config.v1.GatherConfig": { "description": "GatherConfig provides data gathering configuration options.", "type": "object", 
@@ -12066,6 +12046,52 @@ } } }, + "com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig": { + "description": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "type": "object", + "required": [ + "name", + "staticConfigs" + ], + "properties": { + "authorization": { + "description": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AuthorizationConfig" + }, + "name": { + "description": "name is a unique identifier for this Alertmanager configuration entry. This field is used as the map key for server-side apply, allowing multiple controllers (e.g., ACM, cluster admins) to independently manage their own entries. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Maximum length is 253 characters.", + "type": "string" + }, + "pathPrefix": { + "description": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. Must start with \"/\" and not end with \"/\" (unless it is the root path \"/\"). Must not contain query strings (\"?\") or fragments (\"#\").", + "type": "string" + }, + "scheme": { + "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. 
When omitted, defaults to `HTTP`.", + "type": "string" + }, + "staticConfigs": { + "description": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "timeoutSeconds": { + "description": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" + }, + "tlsConfig": { + "description": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" + } + } + }, "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig": { "description": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "type": "object", 
@@ -12144,8 +12170,9 @@ "x-kubernetes-list-type": "map" }, "volumeClaimTemplate": { - "description": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" + "description": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.VolumeClaimConfig" } } }, 
@@ -12162,6 +12189,32 @@ } } }, + "com.github.openshift.api.config.v1alpha1.AuthorizationConfig": { + "description": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "bearerToken": { + "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "type": { + "description": "type specifies the authentication type to use. Valid values are \"None\" (no authentication) and \"BearerToken\" (bearer token authentication). When set to None, no authentication credentials are sent. When set to BearerToken, the bearerToken field must be specified.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "bearerToken": "BearerToken" + } + } + ] + }, "com.github.openshift.api.config.v1alpha1.Backup": { "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", 
@@ -12416,6 +12469,11 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetricsServerConfig" }, + "prometheusConfig": { + "description": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusConfig" + }, "userDefined": { "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", "default": {}, 
@@ -12763,6 +12821,24 @@ "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { "type": "object" }, + "com.github.openshift.api.config.v1alpha1.Label": { + "description": "Label represents a key/value pair for external labels.", + "type": "object", + "required": [ + "key", + "value" + ], + "properties": { + "key": { + "description": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "type": "string" + }, + "value": { + "description": "value is the value of the label. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "type": "object", 
@@ -12985,6 +13061,210 @@ } ] }, + "com.github.openshift.api.config.v1alpha1.PrometheusConfig": { + "description": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + "type": "object", + "properties": { + "additionalAlertmanagerConfigs": { + "description": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nBy default, no additional Alertmanager instances are configured. When omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Each entry must have a unique name field, which serves as the map key for server-side apply.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "collectionProfile": { + "description": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "type": "string" + }, + "enforcedBodySizeLimitBytes": { + "description": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 1 byte. Maximum value is 1099511627776 (1TB).", + "type": "integer", + "format": "int64" + }, + "externalLabels": { + "description": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Label" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" + }, + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. 
When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "type": "string" + }, + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. Maximum of 10 node selector key-value pairs can be specified.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "queryLogFile": { + "description": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must be between 1 and 255 characters in length.", + "type": "string" + }, + "remoteWrite": { + "description": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). 
Each entry must have a unique URL.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteSpec" + }, + "x-kubernetes-list-map-keys": [ + "url" + ], + "x-kubernetes-list-type": "map" + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "retention": { + "description": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Retention" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. 
Maximum length for this list is 10 Minimum length for this list is 1", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "volumeClaimTemplate": { + "description": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.VolumeClaimConfig" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RelabelConfig": { + "description": "RelabelConfig represents a relabeling rule.", + "type": "object", + "required": [ + "name", + "action" + ], + "properties": { + "action": { + "description": "action is the action to perform on the matched labels. 
Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", + "type": "string" + }, + "name": { + "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "type": "string" + }, + "regex": { + "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, defaults to \"(.*)\" (matches everything). Must be between 1 and 1000 characters in length when specified.", + "type": "string" + }, + "replacement": { + "description": "replacement is the value against which a regex replace is performed if the regular expression matches. Regex capture groups are available (e.g., $1, $2). When omitted, defaults to \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", + "type": "string" + }, + "separator": { + "description": "separator is the character sequence used to join source label values. Common examples: \";\" (default), \",\", \"::\", \"|||\". When omitted, defaults to \";\" (semicolon). Must be between 1 and 5 characters in length when specified.", + "type": "string" + }, + "sourceLabels": { + "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). 
The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Maximum of 10 source labels can be specified, each between 1 and 128 characters.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "targetLabel": { + "description": "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions (enforced by validation). When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec": { + "description": "RemoteWriteSpec represents configuration for remote write endpoints.", + "type": "object", + "required": [ + "url" + ], + "properties": { + "name": { + "description": "name is an optional identifier for this remote write configuration. When omitted, Prometheus generates a unique name automatically. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length when specified.", + "type": "string" + }, + "remoteTimeoutSeconds": { + "description": "remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. When omitted, the default is 30 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" + }, + "url": { + "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme. 
Must be between 1 and 2048 characters in length.", + "type": "string" + }, + "writeRelabelConfigs": { + "description": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1alpha1.Retention": { + "description": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "type": "object", + "properties": { + "durationInDays": { + "description": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, the default is 15 days. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "type": "integer", + "format": "int32" + }, + "sizeInGiB": { + "description": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", + "type": "integer", + "format": "int32" + } + } + }, "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", "type": "object", 
@@ -13050,6 +13330,25 @@ } } }, + "com.github.openshift.api.config.v1alpha1.SecretKeySelector": { + "description": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "type": "object", + "required": [ + "name", + "key" + ], + "properties": { + "key": { + "description": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + "type": "string" + }, + "name": { + "description": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, "com.github.openshift.api.config.v1alpha1.Storage": { "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", 
@@ -13068,6 +13367,35 @@ } } }, + "com.github.openshift.api.config.v1alpha1.TLSConfig": { + "description": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "type": "object", + "properties": { + "ca": { + "description": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "cert": { + "description": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "certificateVerification": { + "description": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, defaults to \"Verify\" (secure certificate verification is performed).", + "type": "string" + }, + "key": { + "description": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "serverName": { + "description": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { "description": "UserDefinedMonitoring config for user-defined projects.", "type": "object", 
@@ -13086,6 +13414,24 @@ } } }, + "com.github.openshift.api.config.v1alpha1.VolumeClaimConfig": { + "description": "VolumeClaimConfig defines the configuration for a PersistentVolumeClaim used for storage.", + "type": "object", + "required": [ + "sizeInGiB" + ], + "properties": { + "sizeInGiB": { + "description": "sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. This determines how much data can be stored. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", + "type": "integer", + "format": "int32" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. When omitted, the default StorageClass is used. Must be a valid DNS subdomain name (RFC 1123) when specified. Maximum length is 253 characters.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha2.Custom": { "description": "custom provides the custom configuration of gatherers", "type": "object", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index ff4cf49c6d9..7eafe6526f6 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml 
@@ -452,428 +452,36 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. + minProperties: 1 properties: - apiVersion: + sizeInGiB: description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 type: string - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. 
This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. 
Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
- If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - description: |- - When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that update and let other controllers - handle it. 
- type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nClaimResourceStatus - can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState - set when resize controller starts resizing the volume - in control-plane.\n\t- ControllerResizeFailed:\n\t\tState - set when resize has failed in resize controller - with a terminal error.\n\t- NodeResizePending:\n\t\tState - set when resize controller has finished resizing - the volume but further resizing of\n\t\tvolume is - needed on the node.\n\t- NodeResizeInProgress:\n\t\tState - set when kubelet starts resizing the volume.\n\t- - NodeResizeFailed:\n\t\tState set when resizing has - failed in kubelet with a terminal error. Transient - errors don't set\n\t\tNodeResizeFailed.\nFor example: - if expanding a PVC for more capacity - this field - can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\"\nWhen this field is not set, - it means that no resize operation is in progress - for the given PVC.\n\nA controller that receives - PVC update with previously unknown resourceName - or ClaimResourceStatus\nshould ignore the update - for the purpose it was designed. 
For example - a - controller that\nonly is responsible for resizing - capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with - PVC.\n\nThis is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nCapacity reported - here may be larger than the actual capacity when - a volume expansion operation\nis requested.\nFor - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used.\nIf allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation.\nIf a volume expansion capacity - request is lowered, allocatedResources is only\nlowered - if there are no expansion operations in progress - and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\nA controller that - receives PVC update with previously unknown resourceName\nshould - ignore the update for the purpose it was designed. 
- For example - a controller that\nonly is responsible - for resizing capacity of the volume, should ignore - PVC updates that change other valid\nresources associated - with PVC.\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'Resizing'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "Resizing" that means the underlying - persistent volume is being resized. - type: string - status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. - More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required - type: string - type: - description: |- - Type is the type of the condition. 
- More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - description: |- - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - type: string - modifyVolumeStatus: - description: |- - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. - When this is unset, there is no ModifyVolume operation being attempted. - properties: - status: - description: "status is the status of the ControllerModifyVolume - operation. It can be in any of following states:\n - - Pending\n Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, - such as\n the specified VolumeAttributesClass - not existing.\n - InProgress\n InProgress - indicates that the volume is being modified.\n - - Infeasible\n Infeasible indicates that the - request has been rejected as invalid by the - CSI driver. To\n\t resolve the error, a valid - VolumeAttributesClass needs to be specified.\nNote: - New statuses can be added in the future. Consumers - should check for unknown statuses and fail appropriately." - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is - the name of the VolumeAttributesClass the PVC - currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of - PersistentVolumeClaim. 
- type: string - type: object + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB type: object type: object deploymentMode: 
@@ -1284,6 +892,994 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. 
+ The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. 
+ enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: 'must be a valid DNS subdomain: lowercase alphanumeric, + hyphens, or periods' + rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' 
or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && url('http://' + self).getHostname() + != '' && url('http://' + self).getPort() != '' && + int(url('http://' + self).getPort()) >= 1 && int(url('http://' + + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. 
+ properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + default: Verify + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, defaults to "Verify" (secure certificate verification is performed). + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. 
+ When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 1 byte. + Maximum value is 1099511627776 (1TB). + format: int64 + maximum: 1099511627776 + minimum: 1 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. 
+ When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must be between 1 and 255 characters in length. 
+ maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, defaults to "(.*)" (matches everything). 
+ Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement is the value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, defaults to "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";" (default), ",", "::", "|||". + When omitted, defaults to ";" (semicolon). + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Maximum of 10 source labels can be specified, each between 1 and 128 characters. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for Replace and HashMod actions (enforced by validation). + When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. + Must be between 1 and 128 characters in length when specified. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace + or HashMod + rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) + && self.targetLabel != '''' : true' + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. 
+ name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, the default is 15 days. + Minimum value is 1 day. + Maximum value is 365 days (1 year). 
+ format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + minProperties: 1 + properties: + sizeInGiB: + description: |- + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). 
+ format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: + description: |- + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB + type: object + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index ad94391c0fe..76831cf5c8e 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml 
@@ -452,428 +452,36 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. + minProperties: 1 properties: - apiVersion: + sizeInGiB: description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 type: string - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. 
This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. 
Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
- If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - description: |- - When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that update and let other controllers - handle it. 
- type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nClaimResourceStatus - can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState - set when resize controller starts resizing the volume - in control-plane.\n\t- ControllerResizeFailed:\n\t\tState - set when resize has failed in resize controller - with a terminal error.\n\t- NodeResizePending:\n\t\tState - set when resize controller has finished resizing - the volume but further resizing of\n\t\tvolume is - needed on the node.\n\t- NodeResizeInProgress:\n\t\tState - set when kubelet starts resizing the volume.\n\t- - NodeResizeFailed:\n\t\tState set when resizing has - failed in kubelet with a terminal error. Transient - errors don't set\n\t\tNodeResizeFailed.\nFor example: - if expanding a PVC for more capacity - this field - can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\"\nWhen this field is not set, - it means that no resize operation is in progress - for the given PVC.\n\nA controller that receives - PVC update with previously unknown resourceName - or ClaimResourceStatus\nshould ignore the update - for the purpose it was designed. 
For example - a - controller that\nonly is responsible for resizing - capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with - PVC.\n\nThis is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nCapacity reported - here may be larger than the actual capacity when - a volume expansion operation\nis requested.\nFor - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used.\nIf allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation.\nIf a volume expansion capacity - request is lowered, allocatedResources is only\nlowered - if there are no expansion operations in progress - and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\nA controller that - receives PVC update with previously unknown resourceName\nshould - ignore the update for the purpose it was designed. 
- For example - a controller that\nonly is responsible - for resizing capacity of the volume, should ignore - PVC updates that change other valid\nresources associated - with PVC.\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'Resizing'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "Resizing" that means the underlying - persistent volume is being resized. - type: string - status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. - More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required - type: string - type: - description: |- - Type is the type of the condition. 
- More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - description: |- - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - type: string - modifyVolumeStatus: - description: |- - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. - When this is unset, there is no ModifyVolume operation being attempted. - properties: - status: - description: "status is the status of the ControllerModifyVolume - operation. It can be in any of following states:\n - - Pending\n Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, - such as\n the specified VolumeAttributesClass - not existing.\n - InProgress\n InProgress - indicates that the volume is being modified.\n - - Infeasible\n Infeasible indicates that the - request has been rejected as invalid by the - CSI driver. To\n\t resolve the error, a valid - VolumeAttributesClass needs to be specified.\nNote: - New statuses can be added in the future. Consumers - should check for unknown statuses and fail appropriately." - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is - the name of the VolumeAttributesClass the PVC - currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of - PersistentVolumeClaim. 
- type: string - type: object + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB type: object type: object deploymentMode: 
@@ -1284,6 +892,994 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. 
+ The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. 
+ enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: 'must be a valid DNS subdomain: lowercase alphanumeric, + hyphens, or periods' + rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' 
or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && url('http://' + self).getHostname() + != '' && url('http://' + self).getPort() != '' && + int(url('http://' + self).getPort()) >= 1 && int(url('http://' + + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. 
+ properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + default: Verify + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, defaults to "Verify" (secure certificate verification is performed). + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. 
+ When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 1 byte. + Maximum value is 1099511627776 (1TB). + format: int64 + maximum: 1099511627776 + minimum: 1 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. 
+ When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must be between 1 and 255 characters in length. 
+ maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, defaults to "(.*)" (matches everything). 
+ Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement is the value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, defaults to "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";" (default), ",", "::", "|||". + When omitted, defaults to ";" (semicolon). + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Maximum of 10 source labels can be specified, each between 1 and 128 characters. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for Replace and HashMod actions (enforced by validation). + When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. + Must be between 1 and 128 characters in length when specified. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace + or HashMod + rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) + && self.targetLabel != '''' : true' + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. 
+ name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, the default is 15 days. + Minimum value is 1 day. + Maximum value is 365 days (1 year). 
+ format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + minProperties: 1 + properties: + sizeInGiB: + description: |- + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). 
+ format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: + description: |- + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB + type: object + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 5908ec3a253..197b24e4797 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml 
@@ -452,428 +452,36 @@ spec: x-kubernetes-list-type: map volumeClaimTemplate: description: |- - volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - configure the persistent volume claim, including storage class, volume - size, and name. + volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - This field is optional. + minProperties: 1 properties: - apiVersion: + sizeInGiB: description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 type: string - metadata: - description: |- - Standard object's metadata. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. 
This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. 
Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
- If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string or nil value indicates that no - VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, - this field can be reset to its previous value (including nil) to cancel the modification. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - allocatedResourceStatuses: - additionalProperties: - description: |- - When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore that update and let other controllers - handle it. 
- type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nClaimResourceStatus - can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState - set when resize controller starts resizing the volume - in control-plane.\n\t- ControllerResizeFailed:\n\t\tState - set when resize has failed in resize controller - with a terminal error.\n\t- NodeResizePending:\n\t\tState - set when resize controller has finished resizing - the volume but further resizing of\n\t\tvolume is - needed on the node.\n\t- NodeResizeInProgress:\n\t\tState - set when kubelet starts resizing the volume.\n\t- - NodeResizeFailed:\n\t\tState set when resizing has - failed in kubelet with a terminal error. Transient - errors don't set\n\t\tNodeResizeFailed.\nFor example: - if expanding a PVC for more capacity - this field - can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\"\nWhen this field is not set, - it means that no resize operation is in progress - for the given PVC.\n\nA controller that receives - PVC update with previously unknown resourceName - or ClaimResourceStatus\nshould ignore the update - for the purpose it was designed. 
For example - a - controller that\nonly is responsible for resizing - capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with - PVC.\n\nThis is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity.\nKey - names follow standard Kubernetes label syntax. Valid - values are either:\n\t* Un-prefixed keys:\n\t\t- - storage - the capacity of the volume.\n\t* Custom - resources must use implementation-defined prefixed - names such as \"example.com/my-custom-resource\"\nApart - from above values - keys that are unprefixed or - have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\nCapacity reported - here may be larger than the actual capacity when - a volume expansion operation\nis requested.\nFor - storage quota, the larger value from allocatedResources - and PVC.spec.resources is used.\nIf allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation.\nIf a volume expansion capacity - request is lowered, allocatedResources is only\nlowered - if there are no expansion operations in progress - and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\nA controller that - receives PVC update with previously unknown resourceName\nshould - ignore the update for the purpose it was designed. 
- For example - a controller that\nonly is responsible - for resizing capacity of the volume, should ignore - PVC updates that change other valid\nresources associated - with PVC.\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'Resizing'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "Resizing" that means the underlying - persistent volume is being resized. - type: string - status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. - More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required - type: string - type: - description: |- - Type is the type of the condition. 
- More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentVolumeAttributesClassName: - description: |- - currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. - When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - type: string - modifyVolumeStatus: - description: |- - ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. - When this is unset, there is no ModifyVolume operation being attempted. - properties: - status: - description: "status is the status of the ControllerModifyVolume - operation. It can be in any of following states:\n - - Pending\n Pending indicates that the PersistentVolumeClaim - cannot be modified due to unmet requirements, - such as\n the specified VolumeAttributesClass - not existing.\n - InProgress\n InProgress - indicates that the volume is being modified.\n - - Infeasible\n Infeasible indicates that the - request has been rejected as invalid by the - CSI driver. To\n\t resolve the error, a valid - VolumeAttributesClass needs to be specified.\nNote: - New statuses can be added in the future. Consumers - should check for unknown statuses and fail appropriately." - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName is - the name of the VolumeAttributesClass the PVC - currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current phase of - PersistentVolumeClaim. 
- type: string - type: object + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB type: object type: object deploymentMode: 
@@ -1284,6 +892,994 @@ spec: - TraceAll type: string type: object + prometheusConfig: + description: |- + prometheusConfig provides configuration options for the default platform Prometheus instance + that runs in the `openshift-monitoring` namespace. This configuration applies only to the + platform Prometheus instance; user-workload Prometheus instances are configured separately. + + This field allows you to customize how the platform Prometheus is deployed and operated, including: + - Pod scheduling (node selectors, tolerations, topology spread constraints) + - Resource allocation (CPU, memory requests/limits) + - Retention policies (how long metrics are stored) + - External integrations (remote write, additional alertmanagers) + + This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + minProperties: 1 + properties: + additionalAlertmanagerConfigs: + description: |- + additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + the Prometheus component. This is useful for organizations that need to: + - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + - Route different types of alerts to different teams or systems + - Integrate with existing enterprise alerting infrastructure + - Maintain separate alert routing for compliance or organizational requirements + By default, no additional Alertmanager instances are configured. + When omitted, no additional Alertmanager instances are configured (default behavior). + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique name field, which serves as the map key for server-side apply. + items: + description: |- + AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. 
+ The `AdditionalAlertmanagerConfig` resource defines settings for how a + component communicates with additional Alertmanager instances. + properties: + authorization: + description: |- + authorization configures the authentication method for Alertmanager connections. + Supports bearer token authentication. When omitted, no authentication is used. + properties: + bearerToken: + description: |- + bearerToken defines the secret reference containing the bearer token. + Required when type is "BearerToken", forbidden otherwise. + The secret must exist in the openshift-monitoring namespace. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + type: + description: |- + type specifies the authentication type to use. + Valid values are "None" (no authentication) and "BearerToken" (bearer token authentication). + When set to None, no authentication credentials are sent. + When set to BearerToken, the bearerToken field must be specified. 
+ enum: + - None + - BearerToken + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: bearerToken is required when type is BearerToken, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''BearerToken'' + ? has(self.bearerToken) : !has(self.bearerToken)' + name: + description: |- + name is a unique identifier for this Alertmanager configuration entry. + This field is used as the map key for server-side apply, allowing multiple + controllers (e.g., ACM, cluster admins) to independently manage their own entries. + The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + hyphens, or periods, and must start and end with an alphanumeric character. + Maximum length is 253 characters. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: 'must be a valid DNS subdomain: lowercase alphanumeric, + hyphens, or periods' + rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + pathPrefix: + description: |- + pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + Must start with "/" and not end with "/" (unless it is the root path "/"). + Must not contain query strings ("?") or fragments ("#"). + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: pathPrefix must start with '/' + rule: self.startsWith('/') + - message: pathPrefix must not end with '/' (except for + root '/') + rule: '!self.endsWith(''/'') || self == ''/''' + - message: pathPrefix must not contain '?' 
or '#' + rule: '!self.contains(''?'') && !self.contains(''#'')' + scheme: + default: HTTP + description: |- + scheme defines the URL scheme to use when communicating with Alertmanager + instances. + Possible values are `HTTP` or `HTTPS`. + When omitted, defaults to `HTTP`. + enum: + - HTTP + - HTTPS + type: string + staticConfigs: + description: |- + staticConfigs is a list of statically configured Alertmanager endpoints in the form + of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + (in brackets) followed by a colon and a valid port number (1-65535). + Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + items: + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must be a valid 'host:port' where host is a + DNS name, IPv4, or IPv6 address (in brackets), and + port is 1-65535 + rule: isURL('http://' + self) && url('http://' + self).getHostname() + != '' && url('http://' + self).getPort() != '' && + int(url('http://' + self).getPort()) >= 1 && int(url('http://' + + self).getPort()) <= 65535 + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: set + timeoutSeconds: + description: |- + timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + When omitted, the default is 10 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + tlsConfig: + description: |- + tlsConfig defines the TLS settings to use for Alertmanager connections. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + ca: + description: |- + ca is an optional CA certificate to use for TLS connections. + When omitted, the system's default CA bundle is used. 
+ properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + cert: + description: |- + cert is an optional client certificate to use for mutual TLS connections. + When omitted, no client certificate is presented. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. 
+ maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + certificateVerification: + default: Verify + description: |- + certificateVerification determines the policy for TLS certificate verification. + Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + When omitted, defaults to "Verify" (secure certificate verification is performed). + enum: + - Verify + - SkipVerify + type: string + key: + description: |- + key is an optional client key to use for mutual TLS connections. + When omitted, no client key is used. + properties: + key: + description: |- + key is the key of the secret to select from. + Must consist of alphanumeric characters, '-', '_', or '.'. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + '-', '_', or '.' + rule: self.matches('^[a-zA-Z0-9._-]+$') + name: + description: |- + name is the name of the secret in the `openshift-monitoring` namespace to select from. + Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid secret name (lowercase + alphanumeric characters, '-' or '.', start and + end with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - key + - name + type: object + x-kubernetes-map-type: atomic + serverName: + description: |- + serverName is an optional server name to use for TLS connections. 
+ When specified, must be a valid DNS subdomain as per RFC 1123. + When omitted, the server name is derived from the URL. + Must be between 1 and 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid DNS subdomain (lowercase + alphanumeric characters, '-' or '.', start and end + with alphanumeric) + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + type: object + x-kubernetes-validations: + - message: cert and key must both be specified together + for mutual TLS, or both be omitted + rule: (has(self.cert) && has(self.key)) || (!has(self.cert) + && !has(self.key)) + required: + - name + - staticConfigs + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + collectionProfile: + description: |- + collectionProfile defines the metrics collection profile that Prometheus uses to collect + metrics from the platform components. Supported values are `Full` or + `Minimal`. In the `Full` profile (default), Prometheus collects all + metrics that are exposed by the platform components. In the `Minimal` + profile, Prometheus only collects metrics necessary for the default + platform alerts, recording rules, telemetry and console dashboards. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The default value is `Full`. + enum: + - Full + - Minimal + type: string + enforcedBodySizeLimitBytes: + description: |- + enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + If a scraped target's body response is larger than the limit, the scrape will fail. + This helps protect Prometheus from targets that return excessively large responses. + The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). 
+ When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + limit based on cluster capacity. Set an explicit value to override the automatic calculation. + Minimum value is 1 byte. + Maximum value is 1099511627776 (1TB). + format: int64 + maximum: 1099511627776 + minimum: 1 + type: integer + externalLabels: + description: |- + externalLabels defines labels to be attached to time series and alerts + when communicating with external systems such as federation, remote storage, + and Alertmanager. These labels are not stored with metrics on disk; they are + only added when data leaves Prometheus (e.g., during federation queries, + remote write, or alert notifications). + At least 1 label must be specified when set, with a maximum of 50 labels allowed. + Each label key must be unique within this list. + When omitted, no external labels are applied. + items: + description: Label represents a key/value pair for external + labels. + properties: + key: + description: |- + key is the name of the label. + Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + value: + description: |- + value is the value of the label. + Must be between 1 and 128 characters in length. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + logLevel: + description: |- + logLevel defines the verbosity of logs emitted by Prometheus. + This field allows users to control the amount and severity of logs generated, which can be useful + for debugging issues or reducing noise in production environments. + Allowed values are Error, Warn, Info, and Debug. + When set to Error, only errors will be logged. + When set to Warn, both warnings and errors will be logged. 
+ When set to Info, general information, warnings, and errors will all be logged. + When set to Debug, detailed debugging information will be logged. + When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + The current default value is `Info`. + enum: + - Error + - Warn + - Info + - Debug + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + Maximum of 10 node selector key-value pairs can be specified. + maxProperties: 10 + minProperties: 1 + type: object + queryLogFile: + description: |- + queryLogFile specifies the file to which PromQL queries are logged. + This setting can be either a filename, in which + case the queries are saved to an `emptyDir` volume + at `/var/log/prometheus`, or a full path to a location where + an `emptyDir` volume will be mounted and the queries saved. + Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + writing to any other `/dev/` path is not supported. Relative paths are + also not supported. + By default, PromQL queries are not logged. + Must be an absolute path starting with `/` or a simple filename without path separators. + Must be between 1 and 255 characters in length. 
+ maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be an absolute path starting with '/' or a simple + filename without '/' + rule: self.startsWith('/') || !self.contains('/') + - message: only /dev/stdout, /dev/stderr, and /dev/null are allowed + as /dev/ paths + rule: '!self.startsWith(''/dev/'') || self in [''/dev/stdout'', + ''/dev/stderr'', ''/dev/null'']' + remoteWrite: + description: |- + remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + When omitted, no remote write endpoints are configured. + When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + Each entry must have a unique URL. + items: + description: RemoteWriteSpec represents configuration for remote + write endpoints. + properties: + name: + description: |- + name is an optional identifier for this remote write configuration. + When omitted, Prometheus generates a unique name automatically. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length when specified. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, hyphens, + and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + remoteTimeoutSeconds: + description: |- + remoteTimeoutSeconds is the timeout in seconds for requests to the remote write endpoint. + When omitted, the default is 30 seconds. + Minimum value is 1 second. + Maximum value is 600 seconds (10 minutes). + format: int32 + maximum: 600 + minimum: 1 + type: integer + url: + description: |- + url is the URL of the remote write endpoint. + Must be a valid URL with http or https scheme. + Must be between 1 and 2048 characters in length. 
+ maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid URL with http or https scheme + rule: isURL(self) && (url(self).getScheme() == 'http' + || url(self).getScheme() == 'https') + writeRelabelConfigs: + description: |- + writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + When omitted, no relabeling is performed and all metrics are sent as-is. + Maximum of 10 relabeling rules can be specified. + Each rule must have a unique name. + items: + description: RelabelConfig represents a relabeling rule. + properties: + action: + description: |- + action is the action to perform on the matched labels. + Valid actions are: + - Replace: Replaces the value of targetLabel with replacement, using regex capture groups. + - Keep: Keeps only metrics where regex matches the source labels. + - Drop: Drops metrics where regex matches the source labels. + - HashMod: Sets targetLabel to the hash modulus of the source labels. + - LabelMap: Copies labels matching regex to new label names derived from replacement. + - LabelDrop: Drops labels matching regex. + - LabelKeep: Keeps only labels matching regex. + enum: + - Replace + - Keep + - Drop + - HashMod + - LabelMap + - LabelDrop + - LabelKeep + type: string + name: + description: |- + name is a unique identifier for this relabel configuration. + Must contain only alphanumeric characters, hyphens, and underscores. + Must be between 1 and 63 characters in length. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must contain only alphanumeric characters, + hyphens, and underscores + rule: self.matches('^[a-zA-Z0-9_-]+$') + regex: + description: |- + regex is the regular expression to match against the concatenated source label values. + Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + When omitted, defaults to "(.*)" (matches everything). 
+ Must be between 1 and 1000 characters in length when specified. + maxLength: 1000 + minLength: 1 + type: string + replacement: + description: |- + replacement is the value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available (e.g., $1, $2). + When omitted, defaults to "$1" (the first capture group). + Setting to an empty string ("") explicitly clears the target label value. + Must be at most 255 characters in length. + maxLength: 255 + type: string + separator: + description: |- + separator is the character sequence used to join source label values. + Common examples: ";" (default), ",", "::", "|||". + When omitted, defaults to ";" (semicolon). + Must be between 1 and 5 characters in length when specified. + maxLength: 5 + minLength: 1 + type: string + sourceLabels: + description: |- + sourceLabels specifies which label names to extract from each series for this relabeling rule. + Each entry must be a valid label name (non-empty). + The values of these labels are joined together using the configured separator, + and the resulting string is then matched against the regular expression for + the replace, keep, or drop actions. + If a referenced label does not exist on a series, Prometheus substitutes an empty string. + When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + Maximum of 10 source labels can be specified, each between 1 and 128 characters. + items: + maxLength: 128 + minLength: 1 + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: set + targetLabel: + description: |- + targetLabel is the target label name where the result is written. + Required for Replace and HashMod actions (enforced by validation). + When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. + Must be between 1 and 128 characters in length when specified. 
+ maxLength: 128 + minLength: 1 + type: string + required: + - action + - name + type: object + x-kubernetes-validations: + - message: targetLabel is required when action is Replace + or HashMod + rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) + && self.targetLabel != '''' : true' + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - url + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - url + x-kubernetes-list-type: map + resources: + description: |- + resources defines the compute resource requests and limits for the Prometheus container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + Each entry must have a unique resource name. + Minimum of 1 and maximum of 10 resource entries can be specified. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. 
+ name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: isQuantity(self) && quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retention: + description: |- + retention configures how long Prometheus retains metrics data and how much storage it can use. + When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + minProperties: 1 + properties: + durationInDays: + description: |- + durationInDays specifies how many days Prometheus will retain metrics data. + Prometheus automatically deletes data older than this duration. + When omitted, the default is 15 days. + Minimum value is 1 day. + Maximum value is 365 days (1 year). 
+ format: int32 + maximum: 365 + minimum: 1 + type: integer + sizeInGiB: + description: |- + sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + can use for data blocks and the write-ahead log (WAL). + When the limit is reached, Prometheus will delete oldest data first. + When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). + format: int32 + maximum: 16384 + minimum: 1 + type: integer + type: object + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + Maximum length for this list is 10 + Minimum length for this list is 1 + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Default is empty list. + Maximum length for this list is 10. + Minimum length for this list is 1 + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. 
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeClaimTemplate: + description: |- + volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + configure the persistent volume claim, including storage class and volume size. + If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + across restarts. + minProperties: 1 + properties: + sizeInGiB: + description: |- + sizeInGiB specifies the storage capacity in gibibytes (GiB) for the volume. + This determines how much data can be stored. + Minimum value is 1 GiB. + Maximum value is 16384 GiB (16 TiB). 
+ format: int32 + maximum: 16384 + minimum: 1 + type: integer + storageClassName: + description: |- + storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. + When omitted, the default StorageClass is used. + Must be a valid DNS subdomain name (RFC 1123) when specified. + Maximum length is 253 characters. + maxLength: 253 + type: string + x-kubernetes-validations: + - message: storageClassName must be a valid DNS subdomain + name + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + required: + - sizeInGiB + type: object + type: object userDefined: description: |- userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. From ff7d44e0a0e3f95f29471003fe25bfadb3f4747f Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Fri, 9 Jan 2026 12:34:11 +0100 Subject: [PATCH 2/3] fix comments suggestions Signed-off-by: Mario Fernandez --- config/v1alpha1/types_cluster_monitoring.go | 12 +++++------- ...r_01_clustermonitorings-CustomNoUpgrade.crd.yaml | 13 ++++++------- ..._clustermonitorings-DevPreviewNoUpgrade.crd.yaml | 13 ++++++------- ...clustermonitorings-TechPreviewNoUpgrade.crd.yaml | 13 ++++++------- .../ClusterMonitoringConfig.yaml | 13 ++++++------- .../v1alpha1/zz_generated.swagger_doc_generated.go | 2 +- openapi/generated_openapi/zz_generated.openapi.go | 2 +- openapi/openapi.json | 2 +- ...r_01_clustermonitorings-CustomNoUpgrade.crd.yaml | 13 ++++++------- ..._clustermonitorings-DevPreviewNoUpgrade.crd.yaml | 13 ++++++------- ...clustermonitorings-TechPreviewNoUpgrade.crd.yaml | 13 ++++++------- 11 files changed, 50 insertions(+), 59 deletions(-) diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 6e34b8c79dd..7052252a577 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go 
@@ -596,7 +596,8 @@ type PrometheusConfig struct { VolumeClaimTemplate VolumeClaimConfig `json:"volumeClaimTemplate,omitempty,omitzero"` } - +// AlertmanagerScheme defines the URL scheme to use when communicating with Alertmanager instances. +// +kubebuilder:validation:Enum=HTTP;HTTPS type AlertmanagerScheme string const ( @@ -616,7 +617,7 @@ type AdditionalAlertmanagerConfig struct { // Maximum length is 253 characters. // +kubebuilder:validation:MaxLength=253 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$')",message="must be a valid DNS subdomain: lowercase alphanumeric, hyphens, or periods" + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." // +required Name string `json:"name,omitempty"` // authorization configures the authentication method for Alertmanager connections. @@ -640,7 +641,6 @@ type AdditionalAlertmanagerConfig struct { // instances. // Possible values are `HTTP` or `HTTPS`. // When omitted, defaults to `HTTP`. - // +kubebuilder:validation:Enum=HTTP;HTTPS // +kubebuilder:default=HTTP // +optional Scheme AlertmanagerScheme `json:"scheme,omitempty"` @@ -687,7 +687,6 @@ type Label struct { Value string `json:"value,omitempty"` } - // RemoteWriteSpec represents configuration for remote write endpoints. type RemoteWriteSpec struct { // url is the URL of the remote write endpoint. 
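Review bot: The new validation message on `AdditionalAlertmanagerConfig.name` in the `@@ -616,7 +617,7 @@` hunk no longer says which field was rejected; it reads as a general definition ("a lowercase RFC 1123 subdomain must consist of ..."). Other messages in this same API lead with the field name, for example `storageClassName must be a valid DNS subdomain name`, which uses the identical `format.dns1123Subdomain()` rule. I would write it as `message="name must be a valid DNS subdomain: lower case alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character"`, so a rejected object points straight at the offending field. The `AdditionalAlertmanagerConfig` struct starts and ends outside the hunk.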
@@ -727,7 +726,7 @@ type RemoteWriteSpec struct { } // RelabelConfig represents a relabeling rule. -// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'HashMod'] ? has(self.targetLabel) && self.targetLabel != '' : true",message="targetLabel is required when action is Replace or HashMod" +// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'HashMod'] ? has(self.targetLabel) && self.targetLabel != ” : true",message="targetLabel is required when action is Replace or HashMod" type RelabelConfig struct { // name is a unique identifier for this relabel configuration. // Must contain only alphanumeric characters, hyphens, and underscores. @@ -768,7 +767,7 @@ type RelabelConfig struct { // +kubebuilder:validation:MaxLength=1000 Regex string `json:"regex,omitempty"` // targetLabel is the target label name where the result is written. - // Required for Replace and HashMod actions (enforced by validation). + // Required for Replace and HashMod actions. // When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. // Must be between 1 and 128 characters in length when specified. // +optional @@ -893,7 +892,6 @@ type SecretKeySelector struct { } // VolumeClaimConfig defines the configuration for a PersistentVolumeClaim used for storage. -// +kubebuilder:validation:MinProperties=1 type VolumeClaimConfig struct { // storageClassName is the name of the StorageClass to use for the PersistentVolumeClaim. // When omitted, the default StorageClass is used. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 7eafe6526f6..3106341b14f 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml 
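Review bot: The rewritten `RelabelConfig` rule in the `@@ -727,7 +726,7 @@` hunk compares `self.targetLabel` against `”` (a single right double quotation mark) where the removed line had the empty-string literal `''`, and the regenerated CRD manifests carry the same character in `self.targetLabel != ” : true`. That is not a CEL string literal, so the rule should fail to compile and the targetLabel requirement for Replace and HashMod would not be enforced as written; it looks like the result of an automatic doc-comment reformat (possibly gofmt) and not an intended edit. The `@@ -726,7 +726,7 @@` hunk in PATCH 3/3 adds parentheses but keeps the same character. A form with no quote pair for a formatter to rewrite is `self.action in ['Replace', 'HashMod'] ? (has(self.targetLabel) && size(self.targetLabel) > 0) : true`, and a case in the CRD test suite that submits a Replace rule without targetLabel would catch a regression. The `RelabelConfig` struct body continues outside the hunk.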
+++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -456,7 +456,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- @@ -996,9 +995,10 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: 'must be a valid DNS subdomain: lowercase alphanumeric, - hyphens, or periods' - rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' pathPrefix: description: |- pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. @@ -1469,7 +1469,7 @@ spec: targetLabel: description: |- targetLabel is the target label name where the result is written. - Required for Replace and HashMod actions (enforced by validation). + Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified. maxLength: 128 @@ -1483,7 +1483,7 @@ spec: - message: targetLabel is required when action is Replace or HashMod rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != '''' : true' + && self.targetLabel != ” : true' maxItems: 10 type: array x-kubernetes-list-map-keys: @@ -1852,7 +1852,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- 
diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 76831cf5c8e..816ed51da56 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -456,7 +456,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- @@ -996,9 +995,10 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: 'must be a valid DNS subdomain: lowercase alphanumeric, - hyphens, or periods' - rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' pathPrefix: description: |- pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. @@ -1469,7 +1469,7 @@ spec: targetLabel: description: |- targetLabel is the target label name where the result is written. - Required for Replace and HashMod actions (enforced by validation). + Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified. maxLength: 128 
@@ -1483,7 +1483,7 @@ spec: - message: targetLabel is required when action is Replace or HashMod rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != '''' : true' + && self.targetLabel != ” : true' maxItems: 10 type: array x-kubernetes-list-map-keys: @@ -1852,7 +1852,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 197b24e4797..076bb3df7c4 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -456,7 +456,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- @@ -996,9 +995,10 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: 'must be a valid DNS subdomain: lowercase alphanumeric, - hyphens, or periods' - rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' pathPrefix: description: |- pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. 
@@ -1469,7 +1469,7 @@ spec: targetLabel: description: |- targetLabel is the target label name where the result is written. - Required for Replace and HashMod actions (enforced by validation). + Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified. maxLength: 128 @@ -1483,7 +1483,7 @@ spec: - message: targetLabel is required when action is Replace or HashMod rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != '''' : true' + && self.targetLabel != ” : true' maxItems: 10 type: array x-kubernetes-list-map-keys: @@ -1852,7 +1852,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 1669a13655b..983bab7449a 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -456,7 +456,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- 
@@ -996,9 +995,10 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: 'must be a valid DNS subdomain: lowercase alphanumeric, - hyphens, or periods' - rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' pathPrefix: description: |- pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. @@ -1469,7 +1469,7 @@ spec: targetLabel: description: |- targetLabel is the target label name where the result is written. - Required for Replace and HashMod actions (enforced by validation). + Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified. maxLength: 128 @@ -1483,7 +1483,7 @@ spec: - message: targetLabel is required when action is Replace or HashMod rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != '''' : true' + && self.targetLabel != ” : true' maxItems: 10 type: array x-kubernetes-list-map-keys: @@ -1852,7 +1852,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index 26cb0145d85..2d4c2887bd3 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -280,7 +280,7 @@ var map_RelabelConfig = map[string]string{ "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. Each entry must be a valid label name (non-empty). The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression for the replace, keep, or drop actions. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Maximum of 10 source labels can be specified, each between 1 and 128 characters.", "separator": "separator is the character sequence used to join source label values. Common examples: \";\" (default), \",\", \"::\", \"|||\". When omitted, defaults to \";\" (semicolon). Must be between 1 and 5 characters in length when specified.", "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, defaults to \"(.*)\" (matches everything). Must be between 1 and 1000 characters in length when specified.", - "targetLabel": "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions (enforced by validation). When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", + "targetLabel": "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", "replacement": "replacement is the value against which a regex replace is performed if the regular expression matches. 
Regex capture groups are available (e.g., $1, $2). When omitted, defaults to \"$1\" (the first capture group). Setting to an empty string (\"\") explicitly clears the target label value. Must be at most 255 characters in length.", "action": "action is the action to perform on the matched labels. Valid actions are:\n - Replace: Replaces the value of targetLabel with replacement, using regex capture groups.\n - Keep: Keeps only metrics where regex matches the source labels.\n - Drop: Drops metrics where regex matches the source labels.\n - HashMod: Sets targetLabel to the hash modulus of the source labels.\n - LabelMap: Copies labels matching regex to new label names derived from replacement.\n - LabelDrop: Drops labels matching regex.\n - LabelKeep: Keeps only labels matching regex.", } diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index a802aff348d..9c45cad88a6 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -24105,7 +24105,7 @@ func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCall }, "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions (enforced by validation). When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", + Description: "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", Type: []string{"string"}, Format: "", }, diff --git a/openapi/openapi.json b/openapi/openapi.json index a87ef3c4b0d..142650589b2 100644 --- a/openapi/openapi.json 
+++ b/openapi/openapi.json @@ -13210,7 +13210,7 @@ "x-kubernetes-list-type": "set" }, "targetLabel": { - "description": "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions (enforced by validation). When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", + "description": "targetLabel is the target label name where the result is written. Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified.", "type": "string" } } diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 7eafe6526f6..3106341b14f 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -456,7 +456,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- 
@@ -996,9 +995,10 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: 'must be a valid DNS subdomain: lowercase alphanumeric, - hyphens, or periods' - rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' pathPrefix: description: |- pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. @@ -1469,7 +1469,7 @@ spec: targetLabel: description: |- targetLabel is the target label name where the result is written. - Required for Replace and HashMod actions (enforced by validation). + Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified. maxLength: 128 @@ -1483,7 +1483,7 @@ spec: - message: targetLabel is required when action is Replace or HashMod rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != '''' : true' + && self.targetLabel != ” : true' maxItems: 10 type: array x-kubernetes-list-map-keys: @@ -1852,7 +1852,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 76831cf5c8e..816ed51da56 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml 
+++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -456,7 +456,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- @@ -996,9 +995,10 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: 'must be a valid DNS subdomain: lowercase alphanumeric, - hyphens, or periods' - rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' pathPrefix: description: |- pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. @@ -1469,7 +1469,7 @@ spec: targetLabel: description: |- targetLabel is the target label name where the result is written. - Required for Replace and HashMod actions (enforced by validation). + Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified. maxLength: 128 @@ -1483,7 +1483,7 @@ spec: - message: targetLabel is required when action is Replace or HashMod rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != '''' : true' + && self.targetLabel != ” : true' maxItems: 10 type: array x-kubernetes-list-map-keys: @@ -1852,7 +1852,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- 
diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 197b24e4797..076bb3df7c4 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -456,7 +456,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- @@ -996,9 +995,10 @@ spec: minLength: 1 type: string x-kubernetes-validations: - - message: 'must be a valid DNS subdomain: lowercase alphanumeric, - hyphens, or periods' - rule: self.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$') + - message: a lowercase RFC 1123 subdomain must consist of + lower case alphanumeric characters, '-' or '.', and + must start and end with an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' pathPrefix: description: |- pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. @@ -1469,7 +1469,7 @@ spec: targetLabel: description: |- targetLabel is the target label name where the result is written. - Required for Replace and HashMod actions (enforced by validation). + Required for Replace and HashMod actions. When omitted for other actions (Keep, Drop, LabelMap, LabelDrop, LabelKeep), no target label is set. Must be between 1 and 128 characters in length when specified. maxLength: 128 
@@ -1483,7 +1483,7 @@ spec: - message: targetLabel is required when action is Replace or HashMod rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != '''' : true' + && self.targetLabel != ” : true' maxItems: 10 type: array x-kubernetes-list-map-keys: @@ -1852,7 +1852,6 @@ spec: configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts. - minProperties: 1 properties: sizeInGiB: description: |- From 03d3a6fe1d9c634008c0712e8d3ddc1b7353df14 Mon Sep 17 00:00:00 2001 From: Mario Fernandez Date: Fri, 9 Jan 2026 17:31:02 +0100 Subject: [PATCH 3/3] fix bot suggestion Signed-off-by: Mario Fernandez --- config/v1alpha1/types_cluster_monitoring.go | 2 +- ...ig-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml | 4 ++-- ...perator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml | 4 ++-- ...erator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml | 4 ++-- .../ClusterMonitoringConfig.yaml | 4 ++-- ...ig-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml | 4 ++-- ...perator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml | 4 ++-- ...erator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 7052252a577..87aefd9e5e6 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go 
@@ -726,7 +726,7 @@ type RemoteWriteSpec struct { } // RelabelConfig represents a relabeling rule. -// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'HashMod'] ? has(self.targetLabel) && self.targetLabel != ” : true",message="targetLabel is required when action is Replace or HashMod" +// +kubebuilder:validation:XValidation:rule="self.action in ['Replace', 'HashMod'] ? (has(self.targetLabel) && self.targetLabel != ”) : true",message="targetLabel is required when action is Replace or HashMod" type RelabelConfig struct { // name is a unique identifier for this relabel configuration. // Must contain only alphanumeric characters, hyphens, and underscores. diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 3106341b14f..226dbacdd17 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1482,8 +1482,8 @@ spec: x-kubernetes-validations: - message: targetLabel is required when action is Replace or HashMod - rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != ” : true' + rule: 'self.action in [''Replace'', ''HashMod''] ? (has(self.targetLabel) + && self.targetLabel != ”) : true' maxItems: 10 type: array x-kubernetes-list-map-keys: diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 816ed51da56..344c8c4b817 100644 
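Review bot: The empty-string operand in the XValidation rule on RelabelConfig is printed as `”` (U+201D, a right double quotation mark) instead of the CEL literal `''`, and the parentheses added here do not change that. If that character is really in the file rather than an artifact of how this patch was rendered, it is not a valid CEL string literal, so the rule would fail to compile and the targetLabel requirement for Replace and HashMod would not take effect as intended. The removed line in the earlier generated-CRD hunks still shows `''''`, which suggests the literal was lost in the previous patch. I would write the marker as `rule="self.action in ['Replace', 'HashMod'] ? (has(self.targetLabel) && self.targetLabel != '') : true"` and regenerate the CRD manifests in the following hunks, which carry the same character. The RelabelConfig struct body continues outside the hunk.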
--- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml @@ -1482,8 +1482,8 @@ spec: x-kubernetes-validations: - message: targetLabel is required when action is Replace or HashMod - rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != ” : true' + rule: 'self.action in [''Replace'', ''HashMod''] ? (has(self.targetLabel) + && self.targetLabel != ”) : true' maxItems: 10 type: array x-kubernetes-list-map-keys: diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 076bb3df7c4..30e908aa6c2 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1482,8 +1482,8 @@ spec: x-kubernetes-validations: - message: targetLabel is required when action is Replace or HashMod - rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != ” : true' + rule: 'self.action in [''Replace'', ''HashMod''] ? (has(self.targetLabel) + && self.targetLabel != ”) : true' maxItems: 10 type: array x-kubernetes-list-map-keys: diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 983bab7449a..cc7987cf18f 100644 
--- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -1482,8 +1482,8 @@ spec: x-kubernetes-validations: - message: targetLabel is required when action is Replace or HashMod - rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != ” : true' + rule: 'self.action in [''Replace'', ''HashMod''] ? (has(self.targetLabel) + && self.targetLabel != ”) : true' maxItems: 10 type: array x-kubernetes-list-map-keys: diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml index 3106341b14f..226dbacdd17 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-CustomNoUpgrade.crd.yaml @@ -1482,8 +1482,8 @@ spec: x-kubernetes-validations: - message: targetLabel is required when action is Replace or HashMod - rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != ” : true' + rule: 'self.action in [''Replace'', ''HashMod''] ? (has(self.targetLabel) + && self.targetLabel != ”) : true' maxItems: 10 type: array x-kubernetes-list-map-keys: diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml index 816ed51da56..344c8c4b817 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-DevPreviewNoUpgrade.crd.yaml 
@@ -1482,8 +1482,8 @@ spec: x-kubernetes-validations: - message: targetLabel is required when action is Replace or HashMod - rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != ” : true' + rule: 'self.action in [''Replace'', ''HashMod''] ? (has(self.targetLabel) + && self.targetLabel != ”) : true' maxItems: 10 type: array x-kubernetes-list-map-keys: diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml index 076bb3df7c4..30e908aa6c2 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings-TechPreviewNoUpgrade.crd.yaml @@ -1482,8 +1482,8 @@ spec: x-kubernetes-validations: - message: targetLabel is required when action is Replace or HashMod - rule: 'self.action in [''Replace'', ''HashMod''] ? has(self.targetLabel) - && self.targetLabel != ” : true' + rule: 'self.action in [''Replace'', ''HashMod''] ? (has(self.targetLabel) + && self.targetLabel != ”) : true' maxItems: 10 type: array x-kubernetes-list-map-keys: