podManagementPolicypodManagementPolicy defines the policy for creating/deleting pods when +scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
Note that updating this value implies the recreation of the StatefulSet +which incurs a service outage.
+updateStrategyupdateStrategy indicates the strategy that will be employed to update +Pods in the StatefulSet when a revision is made to statefulset’s Pod +Template.
+The default strategy is RollingUpdate.
+containersminReadySeconds defines the minimum number of seconds for which a newly created pod should be ready -without any of its container crashing for it to be considered available.
+minReadySeconds defines the minimum number of seconds for which a newly +created pod should be ready without any of its container crashing for it +to be considered available.
If unset, pods will be considered available as soon as they are ready.
+When the Alertmanager version is greater than or equal to v0.30.0, the
+duration is also used to delay the first flush of the aggregation
+groups. This delay helps ensuring that all alerts have been resent by
+the Prometheus instances to Alertmanager after a roll-out. It is
+possible to override this behavior passing a custom value via
+.spec.additionalArgs.
scrapeNativeHistogramsscrapeNativeHistograms defines whether to enable scraping of native histograms. +It requires Prometheus >= v3.8.0.
+scrapeClassicHistogramstlsConfigtlsConfig defines the TLS configuration to use when scraping the endpoint.
-bearerTokenSecretbearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret -needs to be in the same namespace as the probe and accessible by -the Prometheus Operator.
-basicAuthbasicAuth allow an endpoint to authenticate over basic authentication. -More info: https://prometheus.io/docs/operating/configuration/#endpoint
-oauth2oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
-metricRelabelingsscrapeNativeHistogramsscrapeNativeHistograms defines whether to enable scraping of native histograms. +It requires Prometheus >= v3.8.0.
+scrapeClassicHistograms.spec.module field takes precedence over the <
The module name must be added using Module under ProbeSpec.
authorizationauthorization configures the Authorization header credentials used by +the client.
+Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.
basicAuthbasicAuth defines the Basic Authentication credentials used by the +client.
+Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.
oauth2oauth2 defines the OAuth2 settings used by the client.
+It requires Prometheus >= 2.27.0.
+Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.
bearerTokenSecretbearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator.
+Cannot be set at the same time as authorization, basicAuth or oauth2.
Deprecated: use authorization instead.
followRedirectsfollowRedirects defines whether the client should follow HTTP 3xx +redirects.
+enableHttp2enableHttp2 can be used to disable HTTP2.
+tlsConfigtlsConfig defines the TLS configuration used by the client.
+podManagementPolicypodManagementPolicy defines the policy for creating/deleting pods when +scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
Note that updating this value implies the recreation of the StatefulSet +which incurs a service outage.
+updateStrategyupdateStrategy indicates the strategy that will be employed to update +Pods in the StatefulSet when a revision is made to statefulset’s Pod +Template.
+The default strategy is RollingUpdate.
+enableServiceLinksscrapeNativeHistogramsscrapeNativeHistograms defines whether to enable scraping of native histograms. +It requires Prometheus >= v3.8.0.
+scrapeClassicHistogramstracingConfigscrapeNativeHistogramsscrapeNativeHistograms defines whether to enable scraping of native histograms. +It requires Prometheus >= v3.8.0.
+scrapeClassicHistogramspodManagementPolicypodManagementPolicy defines the policy for creating/deleting pods when +scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
Note that updating this value implies the recreation of the StatefulSet +which incurs a service outage.
+updateStrategyupdateStrategy indicates the strategy that will be employed to update +Pods in the StatefulSet when a revision is made to statefulset’s Pod +Template.
+The default strategy is RollingUpdate.
+queryEndpointshttpConfigwebex defines the default configuration for Jira.
+webex defines the default configuration for Webex.
podManagementPolicypodManagementPolicy defines the policy for creating/deleting pods when +scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
Note that updating this value implies the recreation of the StatefulSet +which incurs a service outage.
+updateStrategyupdateStrategy indicates the strategy that will be employed to update +Pods in the StatefulSet when a revision is made to statefulset’s Pod +Template.
+The default strategy is RollingUpdate.
+containersminReadySeconds defines the minimum number of seconds for which a newly created pod should be ready -without any of its container crashing for it to be considered available.
+minReadySeconds defines the minimum number of seconds for which a newly +created pod should be ready without any of its container crashing for it +to be considered available.
If unset, pods will be considered available as soon as they are ready.
+When the Alertmanager version is greater than or equal to v0.30.0, the
+duration is also used to delay the first flush of the aggregation
+groups. This delay helps ensuring that all alerts have been resent by
+the Prometheus instances to Alertmanager after a roll-out. It is
+possible to override this behavior passing a custom value via
+.spec.additionalArgs.
managedIdentity defines the Azure User-assigned Managed identity.
-Cannot be set at the same time as oauth or sdk.
oauth, sdk or workloadIdentity.
oauth defines the oauth config that is being used to authenticate.
-Cannot be set at the same time as managedIdentity or sdk.
managedIdentity, sdk or workloadIdentity.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
-Cannot be set at the same time as oauth or managedIdentity.
oauth, managedIdentity or workloadIdentity.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
+workloadIdentityworkloadIdentity defines the Azure Workload Identity authentication.
+Cannot be set at the same time as oauth, managedIdentity, or sdk.
It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+scopescope is the custom OAuth 2.0 scope to request when acquiring tokens. +It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
++(Appears on:AzureAD) +
+AzureWorkloadIdentity defines the Azure Workload Identity authentication configuration.
+| Field | +Description | +
|---|---|
+clientId+ +string + + |
+
+ clientId is the clientID of the Azure Active Directory application. + |
+
+tenantId+ +string + + |
+
+ tenantId is the tenant ID of the Azure Active Directory application. + |
+
-(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig) +(Appears on:APIServerConfig, AlertmanagerEndpoints, HTTPConfigWithoutTLS, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
BasicAuth configures HTTP Basic Authentication settings.
@@ -8704,6 +9034,43 @@ instead of the Pod IP’s address.podManagementPolicypodManagementPolicy defines the policy for creating/deleting pods when +scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
Note that updating this value implies the recreation of the StatefulSet +which incurs a service outage.
+updateStrategyupdateStrategy indicates the strategy that will be employed to update +Pods in the StatefulSet when a revision is made to statefulset’s Pod +Template.
+The default strategy is RollingUpdate.
+enableServiceLinksscrapeNativeHistogramsscrapeNativeHistograms defines whether to enable scraping of native histograms. +It requires Prometheus >= v3.8.0.
+scrapeClassicHistogramstracingConfig-(Appears on:PodMonitor, Probe, PrometheusRule, ServiceMonitor, ScrapeConfig) +(Appears on:PodMonitor, Probe, PrometheusRule, ServiceMonitor, AlertmanagerConfig, ScrapeConfig, AlertmanagerConfig)
ConfigResourceStatus is the most recent observed status of the Configuration Resource (ServiceMonitor, PodMonitor, Probes, ScrapeConfig, PrometheusRule or AlertmanagerConfig). Read-only. @@ -10057,7 +10437,7 @@ DNSConfig.
string alias)-(Appears on:AlertmanagerEndpoints, AlertmanagerGlobalConfig, CommonPrometheusFields, Endpoint, MetadataConfig, PodMetricsEndpoint, ProbeSpec, PrometheusSpec, PrometheusTracingConfig, QuerySpec, QueueConfig, RemoteReadSpec, RemoteWriteSpec, RetainConfig, Rule, RuleGroup, TSDBSpec, ThanosRulerSpec, ThanosSpec, AzureSDConfig, ConsulSDConfig, DNSSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, FileSDConfig, GCESDConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OVHCloudSDConfig, OpenStackSDConfig, PuppetDBSDConfig, PushoverConfig, ScalewaySDConfig, ScrapeConfigSpec, WebhookConfig, PushoverConfig, WebhookConfig) +(Appears on:AlertmanagerEndpoints, AlertmanagerGlobalConfig, CommonPrometheusFields, Endpoint, MetadataConfig, PodMetricsEndpoint, ProbeSpec, PrometheusSpec, QuerySpec, QueueConfig, RemoteReadSpec, RemoteWriteSpec, RetainConfig, Rule, RuleGroup, TSDBSpec, ThanosRulerSpec, ThanosSpec, TracingConfig, AzureSDConfig, ConsulSDConfig, DNSSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, FileSDConfig, GCESDConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OVHCloudSDConfig, OpenStackSDConfig, PagerDutyConfig, PuppetDBSDConfig, PushoverConfig, ScalewaySDConfig, ScrapeConfigSpec, SlackConfig, WebhookConfig, PagerDutyConfig, PushoverConfig, SlackConfig, WebhookConfig)
Duration is a valid time duration that can be parsed by Prometheus model.ParseDuration() function. @@ -10486,264 +10866,266 @@ The value cannot be greater than the scrape interval otherwise the operator will
tlsConfighonorLabelstlsConfig defines the TLS configuration to use when scraping the target.
+honorLabels defines when true the metric’s labels when they collide +with the target’s labels.
bearerTokenFilehonorTimestampsbearerTokenFile defines the file to read bearer token for scraping the target.
-Deprecated: use authorization instead.
honorTimestamps defines whether Prometheus preserves the timestamps +when exposed by the target.
bearerTokenSecrettrackTimestampsStalenessbearerTokenSecret defines a key of a Secret containing the bearer -token for scraping targets. The secret needs to be in the same namespace -as the ServiceMonitor object and readable by the Prometheus Operator.
-Deprecated: use authorization instead.
trackTimestampsStaleness defines whether Prometheus tracks staleness of
+the metrics that have an explicit timestamp present in scraped data.
+Has no effect if honorTimestamps is false.
It requires Prometheus >= v2.48.0.
authorizationmetricRelabelingsauthorization configures the Authorization header credentials to use when -scraping the target.
-Cannot be set at the same time as basicAuth, or oauth2.
metricRelabelings defines the relabeling rules to apply to the +samples before ingestion.
honorLabelsrelabelingshonorLabels defines when true the metric’s labels when they collide -with the target’s labels.
+relabelings defines the relabeling rules to apply the target’s +metadata labels.
+The Operator automatically adds relabelings for a few standard Kubernetes fields.
+The original scrape job’s name is available via the __tmp_prometheus_job_name label.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
honorTimestampsfilterRunninghonorTimestamps defines whether Prometheus preserves the timestamps -when exposed by the target.
+filterRunning when true, the pods which are not running (e.g. either in Failed or +Succeeded state) are dropped during the target discovery.
+If unset, the filtering is enabled.
+More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
trackTimestampsStalenessbearerTokenFiletrackTimestampsStaleness defines whether Prometheus tracks staleness of
-the metrics that have an explicit timestamp present in scraped data.
-Has no effect if honorTimestamps is false.
It requires Prometheus >= v2.48.0.
+bearerTokenFile defines the file to read bearer token for scraping the target.
+Deprecated: use authorization instead.
basicAuthauthorizationbasicAuth defines the Basic Authentication credentials to use when -scraping the target.
-Cannot be set at the same time as authorization, or oauth2.
authorization configures the Authorization header credentials used by +the client.
+Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.
oauth2basicAuthoauth2 defines the OAuth2 settings to use when scraping the target.
-It requires Prometheus >= 2.27.0.
-Cannot be set at the same time as authorization, or basicAuth.
basicAuth defines the Basic Authentication credentials used by the +client.
+Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.
metricRelabelingsoauth2metricRelabelings defines the relabeling rules to apply to the -samples before ingestion.
+oauth2 defines the OAuth2 settings used by the client.
+It requires Prometheus >= 2.27.0.
+Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.
relabelingsbearerTokenSecretrelabelings defines the relabeling rules to apply the target’s -metadata labels.
-The Operator automatically adds relabelings for a few standard Kubernetes fields.
-The original scrape job’s name is available via the __tmp_prometheus_job_name label.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+bearerTokenSecret defines a key of a Secret containing the bearer token +used by the client for authentication. The secret needs to be in the +same namespace as the custom resource and readable by the Prometheus +Operator.
+Cannot be set at the same time as authorization, basicAuth or oauth2.
Deprecated: use authorization instead.
proxyUrlfollowRedirectsproxyUrl defines the HTTP proxy server to use.
+followRedirects defines whether the client should follow HTTP 3xx +redirects.
noProxyenableHttp2noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names -that should be excluded from proxying. IP and domain names can -contain port numbers.
-It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
+enableHttp2 can be used to disable HTTP2.
proxyFromEnvironmenttlsConfigproxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
-It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
+tlsConfig defines TLS configuration used by the client.
proxyConnectHeaderproxyUrlproxyConnectHeader optionally specifies headers to send to -proxies during CONNECT requests.
-It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
+proxyUrl defines the HTTP proxy server to use.
followRedirectsnoProxyfollowRedirects defines whether the scrape requests should follow HTTP -3xx redirects.
+noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names +that should be excluded from proxying. IP and domain names can +contain port numbers.
+It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
enableHttp2proxyFromEnvironmentenableHttp2 can be used to disable HTTP2 when scraping the target.
+proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
filterRunningproxyConnectHeaderfilterRunning when true, the pods which are not running (e.g. either in Failed or -Succeeded state) are dropped during the target discovery.
-If unset, the filtering is enabled.
-More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
+proxyConnectHeader optionally specifies headers to send to +proxies during CONNECT requests.
+It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
45ms, 30s, 1m, 1h20m15sHTTPConfig
+(Appears on:HTTPConfigWithProxy, ProbeSpec)
+
+
+HTTPConfig defines the HTTP configuration + TLS configuration (only from
+secret/configmap references).
+
+
+
+
+Field
+Description
+
+
+
+
+
+authorization
+
+
+SafeAuthorization
+
+
+
+
+(Optional)
+authorization configures the Authorization header credentials used by
+the client.
+Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.
+
+
+
+
+basicAuth
+
+
+BasicAuth
+
+
+
+
+(Optional)
+basicAuth defines the Basic Authentication credentials used by the
+client.
+Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.
+
+
+
+
+oauth2
+
+
+OAuth2
+
+
+
+
+(Optional)
+oauth2 defines the OAuth2 settings used by the client.
+It requires Prometheus >= 2.27.0.
+Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.
+
+
+
+
+bearerTokenSecret
+
+
+Kubernetes core/v1.SecretKeySelector
+
+
+
+
+(Optional)
+bearerTokenSecret defines a key of a Secret containing the bearer token
+used by the client for authentication. The secret needs to be in the
+same namespace as the custom resource and readable by the Prometheus
+Operator.
+Cannot be set at the same time as authorization, basicAuth or oauth2.
+Deprecated: use authorization instead.
+
+
+
+
+followRedirects
+
+bool
+
+
+
+(Optional)
+followRedirects defines whether the client should follow HTTP 3xx
+redirects.
+
+
+
+
+enableHttp2
+
+bool
+
+
+
+(Optional)
+enableHttp2 can be used to disable HTTP2.
+
+
+
+
+tlsConfig
+
+
+SafeTLSConfig
+
+
+
+
+(Optional)
+tlsConfig defines the TLS configuration used by the client.
+
+
+
+
+HTTPConfigWithProxy
+
+
(Appears on:AlertmanagerGlobalConfig, PodMetricsEndpoint)
-HTTPConfig defines the configuration for the HTTP client.
+HTTPConfigWithProxy defines the configuration for the HTTP client with proxy
+configuration. It is used for PodMonitor endpoints and Probes.
@@ -11279,6 +11787,31 @@ Operator.
+followRedirects
+
+bool
+
+
+
+(Optional)
+followRedirects defines whether the client should follow HTTP 3xx
+redirects.
+
+
+
+
+enableHttp2
+
+bool
+
+
+
+(Optional)
+enableHttp2 can be used to disable HTTP2.
+
+
+
+
tlsConfig
@@ -11347,6 +11880,398 @@ proxies during CONNECT requests.
It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
+
+
+HTTPConfigWithProxyAndTLSFiles
+
+
+(Appears on:Endpoint)
+
+
+HTTPConfigWithProxyAndTLSFiles defines the configuration for the HTTP client
+with proxy configuration and TLS configuration. It is used for
+ServiceMonitor endpoints.
+
+
+
+
+Field
+Description
+
+
+
+
+
+authorization
+
+
+SafeAuthorization
+
+
+
+
+(Optional)
+authorization configures the Authorization header credentials used by
+the client.
+Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.
+
+
+
+
+basicAuth
+
+
+BasicAuth
+
+
+
+
+(Optional)
+basicAuth defines the Basic Authentication credentials used by the
+client.
+Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.
+
+
+
+
+oauth2
+
+
+OAuth2
+
+
+
+
+(Optional)
+oauth2 defines the OAuth2 settings used by the client.
+It requires Prometheus >= 2.27.0.
+Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.
+
+
+
+
+bearerTokenSecret
+
+
+Kubernetes core/v1.SecretKeySelector
+
+
+
+
+(Optional)
+bearerTokenSecret defines a key of a Secret containing the bearer token
+used by the client for authentication. The secret needs to be in the
+same namespace as the custom resource and readable by the Prometheus
+Operator.
+Cannot be set at the same time as authorization, basicAuth or oauth2.
+Deprecated: use authorization instead.
+
+
+
+
+followRedirects
+
+bool
+
+
+
+(Optional)
+followRedirects defines whether the client should follow HTTP 3xx
+redirects.
+
+
+
+
+enableHttp2
+
+bool
+
+
+
+(Optional)
+enableHttp2 can be used to disable HTTP2.
+
+
+
+
+tlsConfig
+
+
+TLSConfig
+
+
+
+
+(Optional)
+tlsConfig defines TLS configuration used by the client.
+
+
+
+
+proxyUrl
+
+string
+
+
+
+(Optional)
+proxyUrl defines the HTTP proxy server to use.
+
+
+
+
+noProxy
+
+string
+
+
+
+(Optional)
+noProxy defines a comma-separated string that can contain IPs, CIDR notation, domain names
+that should be excluded from proxying. IP and domain names can
+contain port numbers.
+It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
+
+
+
+
+proxyFromEnvironment
+
+bool
+
+
+
+(Optional)
+proxyFromEnvironment defines whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).
+It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
+
+
+
+
+proxyConnectHeader
+
+
+map[string][]Kubernetes core/v1.SecretKeySelector
+
+
+
+
+(Optional)
+proxyConnectHeader optionally specifies headers to send to
+proxies during CONNECT requests.
+It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
+
+
+
+
+HTTPConfigWithTLSFiles
+
+
+(Appears on:HTTPConfigWithProxyAndTLSFiles)
+
+
+HTTPConfigWithTLSFiles defines HTTP configuration + TLS configuration
+(from secret/configmap references as well as files).
+
+
+
+
+Field
+Description
+
+
+
+
+
+authorization
+
+
+SafeAuthorization
+
+
+
+
+(Optional)
+authorization configures the Authorization header credentials used by
+the client.
+Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.
+
+
+
+
+basicAuth
+
+
+BasicAuth
+
+
+
+
+(Optional)
+basicAuth defines the Basic Authentication credentials used by the
+client.
+Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.
+
+
+
+
+oauth2
+
+
+OAuth2
+
+
+
+
+(Optional)
+oauth2 defines the OAuth2 settings used by the client.
+It requires Prometheus >= 2.27.0.
+Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.
+
+
+
+
+bearerTokenSecret
+
+
+Kubernetes core/v1.SecretKeySelector
+
+
+
+
+(Optional)
+bearerTokenSecret defines a key of a Secret containing the bearer token
+used by the client for authentication. The secret needs to be in the
+same namespace as the custom resource and readable by the Prometheus
+Operator.
+Cannot be set at the same time as authorization, basicAuth or oauth2.
+Deprecated: use authorization instead.
+
+
+
+
+followRedirects
+
+bool
+
+
+
+(Optional)
+followRedirects defines whether the client should follow HTTP 3xx
+redirects.
+
+
+
+
+enableHttp2
+
+bool
+
+
+
+(Optional)
+enableHttp2 can be used to disable HTTP2.
+
+
+
+
+tlsConfig
+
+
+TLSConfig
+
+
+
+
+(Optional)
+tlsConfig defines TLS configuration used by the client.
+
+
+
+
+HTTPConfigWithoutTLS
+
+
+(Appears on:HTTPConfig, HTTPConfigWithTLSFiles)
+
+
+HTTPConfigWithoutTLS defines the configuration for the HTTP client.
+
+
+
+
+Field
+Description
+
+
+
+
+
+authorization
+
+
+SafeAuthorization
+
+
+
+
+(Optional)
+authorization configures the Authorization header credentials used by
+the client.
+Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.
+
+
+
+
+basicAuth
+
+
+BasicAuth
+
+
+
+
+(Optional)
+basicAuth defines the Basic Authentication credentials used by the
+client.
+Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.
+
+
+
+
+oauth2
+
+
+OAuth2
+
+
+
+
+(Optional)
+oauth2 defines the OAuth2 settings used by the client.
+It requires Prometheus >= 2.27.0.
+Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.
+
+
+
+
+bearerTokenSecret
+
+
+Kubernetes core/v1.SecretKeySelector
+
+
+
+
+(Optional)
+bearerTokenSecret defines a key of a Secret containing the bearer token
+used by the client for authentication. The secret needs to be in the
+same namespace as the custom resource and readable by the Prometheus
+Operator.
+Cannot be set at the same time as authorization, basicAuth or oauth2.
+Deprecated: use authorization instead.
+
+
followRedirects
@@ -11681,6 +12606,19 @@ list restricting them.
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -11752,7 +12690,7 @@ Examples: 30s, 1m, 1h20m15s, 15dOAuth2
-(Appears on:Endpoint, HTTPConfig, ProbeSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
+(Appears on:HTTPConfigWithoutTLS, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
OAuth2 configures OAuth2 settings.
@@ -12184,6 +13122,33 @@ string
+PodManagementPolicyType
+(string alias)
+
+(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)
+
+
+
+
+
+
+Value
+Description
+
+
+"OrderedReady"
OrderedReadyPodManagement will create pods in strictly increasing order on
+scale up and strictly decreasing order on scale down, progressing only when
+the previous pod is ready or terminated. At most one pod will be changed
+at any time.
+"Parallel"
ParallelPodManagement will create and delete pods as soon as the stateful set
+replica count is changed, and will not wait for pods to be ready or complete
+termination.
+
PodMetricsEndpoint
@@ -12484,6 +13449,31 @@ Operator.
+followRedirects
+
+bool
+
+
+
+(Optional)
+followRedirects defines whether the client should follow HTTP 3xx
+redirects.
+
+
+
+
+enableHttp2
+
+bool
+
+
+
+(Optional)
+enableHttp2 can be used to disable HTTP2.
+
+
+
+
tlsConfig
@@ -12552,31 +13542,6 @@ proxies during CONNECT requests.
It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
-
-
-followRedirects
-
-bool
-
-
-
-(Optional)
-followRedirects defines whether the client should follow HTTP 3xx
-redirects.
-
-
-
-
-enableHttp2
-
-bool
-
-
-
-(Optional)
-enableHttp2 can be used to disable HTTP2.
-
-
PodMonitorSpec
@@ -12786,6 +13751,19 @@ uint64
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -13046,65 +14024,6 @@ The value cannot be greater than the scrape interval otherwise the operator will
-tlsConfig
-
-
-SafeTLSConfig
-
-
-
-
-(Optional)
-tlsConfig defines the TLS configuration to use when scraping the endpoint.
-
-
-
-
-bearerTokenSecret
-
-
-Kubernetes core/v1.SecretKeySelector
-
-
-
-
-(Optional)
-bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret
-needs to be in the same namespace as the probe and accessible by
-the Prometheus Operator.
-
-
-
-
-basicAuth
-
-
-BasicAuth
-
-
-
-
-(Optional)
-basicAuth allow an endpoint to authenticate over basic authentication.
-More info: https://prometheus.io/docs/operating/configuration/#endpoint
-
-
-
-
-oauth2
-
-
-OAuth2
-
-
-
-
-(Optional)
-oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
-
-
-
-
metricRelabelings
@@ -13228,6 +14147,19 @@ Only valid in Prometheus versions 2.27.0 and newer.
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -13325,6 +14257,112 @@ Please note that the .spec.module field takes precedence over the <
The module name must be added using Module under ProbeSpec.
+
+
+authorization
+
+
+SafeAuthorization
+
+
+
+
+(Optional)
+authorization configures the Authorization header credentials used by
+the client.
+Cannot be set at the same time as basicAuth, bearerTokenSecret or oauth2.
+
+
+
+
+basicAuth
+
+
+BasicAuth
+
+
+
+
+(Optional)
+basicAuth defines the Basic Authentication credentials used by the
+client.
+Cannot be set at the same time as authorization, bearerTokenSecret or oauth2.
+
+
+
+
+oauth2
+
+
+OAuth2
+
+
+
+
+(Optional)
+oauth2 defines the OAuth2 settings used by the client.
+It requires Prometheus >= 2.27.0.
+Cannot be set at the same time as authorization, basicAuth or bearerTokenSecret.
+
+
+
+
+bearerTokenSecret
+
+
+Kubernetes core/v1.SecretKeySelector
+
+
+
+
+(Optional)
+bearerTokenSecret defines a key of a Secret containing the bearer token
+used by the client for authentication. The secret needs to be in the
+same namespace as the custom resource and readable by the Prometheus
+Operator.
+Cannot be set at the same time as authorization, basicAuth or oauth2.
+Deprecated: use authorization instead.
+
+
+
+
+followRedirects
+
+bool
+
+
+
+(Optional)
+followRedirects defines whether the client should follow HTTP 3xx
+redirects.
+
+
+
+
+enableHttp2
+
+bool
+
+
+
+(Optional)
+enableHttp2 can be used to disable HTTP2.
+
+
+
+
+tlsConfig
+
+
+SafeTLSConfig
+
+
+
+
+(Optional)
+tlsConfig defines the TLS configuration used by the client.
+
+
ProbeTargetIngress
@@ -14520,6 +15558,43 @@ instead of the Pod IP’s address.
+podManagementPolicy
+
+
+PodManagementPolicyType
+
+
+
+
+(Optional)
+podManagementPolicy defines the policy for creating/deleting pods when
+scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
+Note that updating this value implies the recreation of the StatefulSet
+which incurs a service outage.
+
+
+
+
+updateStrategy
+
+
+StatefulSetUpdateStrategy
+
+
+
+
+(Optional)
+updateStrategy indicates the strategy that will be employed to update
+Pods in the StatefulSet when a revision is made to statefulset’s Pod
+Template.
+The default strategy is RollingUpdate.
+
+
+
+
enableServiceLinks
bool
@@ -14940,6 +16015,19 @@ histogram with custom buckets.
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -15066,8 +16154,8 @@ PodMonitor and ServiceMonitor objects.
tracingConfig
-
-PrometheusTracingConfig
+
+TracingConfig
@@ -15842,124 +16930,6 @@ string
-PrometheusTracingConfig
-
-
-(Appears on:CommonPrometheusFields)
-
-
-
-
-
-
-Field
-Description
-
-
-
-
-
-clientType
-
-string
-
-
-
-(Optional)
-clientType defines the client used to export the traces. Supported values are http or grpc.
-
-
-
-
-endpoint
-
-string
-
-
-
-endpoint to send the traces to. Should be provided in format :.
-
-
-
-
-samplingFraction
-
-
-k8s.io/apimachinery/pkg/api/resource.Quantity
-
-
-
-
-(Optional)
-samplingFraction defines the probability a given trace will be sampled. Must be a float from 0 through 1.
-
-
-
-
-insecure
-
-bool
-
-
-
-(Optional)
-insecure if disabled, the client will use a secure connection.
-
-
-
-
-headers
-
-map[string]string
-
-
-
-(Optional)
-headers defines the key-value pairs to be used as headers associated with gRPC or HTTP requests.
-
-
-
-
-compression
-
-string
-
-
-
-(Optional)
-compression key for supported compression types. The only supported value is gzip.
-
-
-
-
-timeout
-
-
-Duration
-
-
-
-
-(Optional)
-timeout defines the maximum time the exporter will wait for each batch export.
-
-
-
-
-tlsConfig
-
-
-TLSConfig
-
-
-
-
-(Optional)
-tlsConfig to use when sending traces.
-
-
-
-
PrometheusWebSpec
@@ -16034,7 +17004,7 @@ A zero value means that Prometheus doesn’t accept any incoming connection.
ProxyConfig
-(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, HTTPConfig, OAuth2, ProberSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig)
+(Appears on:APIServerConfig, AlertmanagerEndpoints, HTTPConfigWithProxy, HTTPConfigWithProxyAndTLSFiles, OAuth2, ProberSpec, RemoteReadSpec, RemoteWriteSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, HTTPConfig)
@@ -17174,6 +18144,45 @@ Duration
+RollingUpdateStatefulSetStrategy
+
+
+(Appears on:StatefulSetUpdateStrategy)
+
+
+RollingUpdateStatefulSetStrategy is used to communicate parameter for the RollingUpdate strategy.
+
+
+
+
+Field
+Description
+
+
+
+
+
+maxUnavailable
+
+
+k8s.io/apimachinery/pkg/util/intstr.IntOrString
+
+
+
+
+(Optional)
+maxUnavailable is the maximum number of pods that can be unavailable
+during the update. The value can be an absolute number (ex: 5) or a
+percentage of desired pods (ex: 10%). Absolute number is calculated from
+percentage by rounding up. This can not be 0. Defaults to 1. This field
+is alpha-level and is only honored by servers that enable the
+MaxUnavailableStatefulSet feature. The field applies to all pods in the
+range 0 to Replicas-1. That means if there is any unavailable pod in
+the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+
+
+
+
Rule
@@ -17524,7 +18533,7 @@ See: https://tip.golang.org/d
SafeAuthorization
-(Appears on:AlertmanagerEndpoints, Authorization, Endpoint, HTTPConfig, ProbeSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
+(Appears on:AlertmanagerEndpoints, Authorization, HTTPConfigWithoutTLS, ProbeSpec, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, PuppetDBSDConfig, ScrapeConfigSpec, HTTPConfig)
SafeAuthorization specifies a subset of the Authorization struct, that is
@@ -17572,10 +18581,10 @@ Kubernetes core/v1.SecretKeySelector
SafeTLSConfig
-(Appears on:ClusterTLSConfig, GlobalSMTPConfig, HTTPConfig, OAuth2, ProbeSpec, TLSConfig, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig)
+(Appears on:ClusterTLSConfig, GlobalSMTPConfig, HTTPConfig, OAuth2, TLSConfig, AzureSDConfig, ConsulSDConfig, DigitalOceanSDConfig, DockerSDConfig, DockerSwarmSDConfig, EC2SDConfig, EmailConfig, EurekaSDConfig, HTTPConfig, HTTPSDConfig, HetznerSDConfig, IonosSDConfig, KubernetesSDConfig, KumaSDConfig, LightSailSDConfig, LinodeSDConfig, NomadSDConfig, OpenStackSDConfig, PuppetDBSDConfig, ScalewaySDConfig, ScrapeConfigSpec, EmailConfig, HTTPConfig)
-SafeTLSConfig specifies safe TLS configuration parameters.
+SafeTLSConfig defines safe TLS configurations.
@@ -18189,6 +19198,19 @@ uint64
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -18542,6 +19564,87 @@ It requires Prometheus >= v2.54.0.
+StatefulSetUpdateStrategy
+
+
+(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec)
+
+
+StatefulSetUpdateStrategy indicates the strategy used when updating the
+StatefulSet. It includes any additional parameters necessary to perform the
+update for the indicated strategy.
+
+
+
+
+Field
+Description
+
+
+
+
+
+type
+
+
+StatefulSetUpdateStrategyType
+
+
+
+
+type indicates the type of the StatefulSetUpdateStrategy.
+Default is RollingUpdate.
+
+
+
+
+rollingUpdate
+
+
+RollingUpdateStatefulSetStrategy
+
+
+
+
+(Optional)
+rollingUpdate is used to communicate parameters when type is RollingUpdate.
+
+
+
+
+StatefulSetUpdateStrategyType
+(string alias)
+
+(Appears on:StatefulSetUpdateStrategy)
+
+
+StatefulSetUpdateStrategyType is a string enumeration type that enumerates
+all possible update strategies for the StatefulSet pods.
+
+
+
+
+Value
+Description
+
+
+"OnDelete"
OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
+tracking and ordered rolling restarts are disabled. Pods are recreated
+from the StatefulSetSpec when they are manually deleted. When a scale
+operation is performed with this strategy, new Pods will be created from
+the the specification version indicated by the StatefulSet’s
+currentRevision.
+"RollingUpdate"
RollingUpdateStatefulSetStrategyType indicates that update will be
+applied to all Pods in the StatefulSet with respect to the StatefulSet
+ordering constraints. When a scale operation is performed with this
+strategy, new Pods will be created from the specification version indicated
+by the StatefulSet’s updateRevision.
+
StorageSpec
@@ -18629,10 +19732,10 @@ is to use a label selector alongside manually created PersistentVolumes.
TLSConfig
-(Appears on:APIServerConfig, AlertmanagerEndpoints, Endpoint, PrometheusTracingConfig, RemoteReadSpec, RemoteWriteSpec, ScrapeClass, ThanosRulerSpec, ThanosSpec)
+(Appears on:APIServerConfig, AlertmanagerEndpoints, HTTPConfigWithTLSFiles, RemoteReadSpec, RemoteWriteSpec, ScrapeClass, ThanosRulerSpec, ThanosSpec, TracingConfig)
-TLSConfig extends the safe TLS configuration with file parameters.
+TLSConfig defines full TLS configuration.
@@ -18776,6 +19879,60 @@ string
+TLSFilesConfig
+
+
+(Appears on:TLSConfig)
+
+
+TLSFilesConfig extends the TLS configuration with file parameters.
+
+
+
+
+Field
+Description
+
+
+
+
+
+caFile
+
+string
+
+
+
+(Optional)
+caFile defines the path to the CA cert in the Prometheus container to use for the targets.
+
+
+
+
+certFile
+
+string
+
+
+
+(Optional)
+certFile defines the path to the client cert file in the Prometheus container for the targets.
+
+
+
+
+keyFile
+
+string
+
+
+
+(Optional)
+keyFile defines the path to the client key file in the Prometheus container for the targets.
+
+
+
+
TLSVersion
(string alias)
@@ -19210,6 +20367,43 @@ does not bind against the Pod IP.
+podManagementPolicy
+
+
+PodManagementPolicyType
+
+
+
+
+(Optional)
+podManagementPolicy defines the policy for creating/deleting pods when
+scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
+Note that updating this value implies the recreation of the StatefulSet
+which incurs a service outage.
+
+
+
+
+updateStrategy
+
+
+StatefulSetUpdateStrategy
+
+
+
+
+(Optional)
+updateStrategy indicates the strategy that will be employed to update
+Pods in the StatefulSet when a revision is made to statefulset’s Pod
+Template.
+The default strategy is RollingUpdate.
+
+
+
+
queryEndpoints
[]string
@@ -20532,6 +21726,124 @@ AdditionalLabelSelectors
+TracingConfig
+
+
+(Appears on:CommonPrometheusFields)
+
+
+
+
+
+
+Field
+Description
+
+
+
+
+
+clientType
+
+string
+
+
+
+(Optional)
+clientType defines the client used to export the traces. Supported values are HTTP and GRPC.
+
+
+
+
+endpoint
+
+string
+
+
+
+endpoint to send the traces to. Should be provided in format :.
+
+
+
+
+samplingFraction
+
+
+k8s.io/apimachinery/pkg/api/resource.Quantity
+
+
+
+
+(Optional)
+samplingFraction defines the probability a given trace will be sampled. Must be a float from 0 through 1.
+
+
+
+
+insecure
+
+bool
+
+
+
+(Optional)
+insecure if disabled, the client will use a secure connection.
+
+
+
+
+headers
+
+map[string]string
+
+
+
+(Optional)
+headers defines the key-value pairs to be used as headers associated with gRPC or HTTP requests.
+
+
+
+
+compression
+
+string
+
+
+
+(Optional)
+compression key for supported compression types. The only supported value is Gzip.
+
+
+
+
+timeout
+
+
+Duration
+
+
+
+
+(Optional)
+timeout defines the maximum time the exporter will wait for each batch export.
+
+
+
+
+tlsConfig
+
+
+TLSConfig
+
+
+
+
+(Optional)
+tlsConfig to use when sending traces.
+
+
+
+
TranslationStrategyOption
(string alias)
@@ -21161,6 +22473,24 @@ the resource’s namespace.
+
+
+status
+
+
+ConfigResourceStatus
+
+
+
+
+(Optional)
+status defines the status subresource. It is under active development and is updated only when the
+“StatusForConfigurationResources” feature gate is enabled.
+Most recent observed status of the ServiceMonitor. Read-only.
+More info:
+https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+
PrometheusAgent
@@ -22049,6 +23379,43 @@ instead of the Pod IP’s address.
+podManagementPolicy
+
+
+PodManagementPolicyType
+
+
+
+
+(Optional)
+podManagementPolicy defines the policy for creating/deleting pods when
+scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
+Note that updating this value implies the recreation of the StatefulSet
+which incurs a service outage.
+
+
+
+
+updateStrategy
+
+
+StatefulSetUpdateStrategy
+
+
+
+
+(Optional)
+updateStrategy indicates the strategy that will be employed to update
+Pods in the StatefulSet when a revision is made to statefulset’s Pod
+Template.
+The default strategy is RollingUpdate.
+
+
+
+
enableServiceLinks
bool
@@ -22469,6 +23836,19 @@ histogram with custom buckets.
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -22595,8 +23975,8 @@ PodMonitor and ServiceMonitor objects.
tracingConfig
-
-PrometheusTracingConfig
+
+TracingConfig
@@ -23594,6 +24974,19 @@ Only valid in Prometheus versions 2.27.0 and newer.
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -29206,7 +30599,9 @@ object and accessible by the Prometheus Operator.
apiURL
-string
+
+URL
+
@@ -29517,7 +30912,9 @@ object and accessible by the Prometheus Operator.
url
-string
+
+URL
+
@@ -29541,7 +30938,9 @@ string
clientURL
-string
+
+URL
+
@@ -29677,6 +31076,21 @@ string
source defines the unique location of the affected system.
+
+
+timeout
+
+
+Duration
+
+
+
+
+(Optional)
+timeout is the maximum time allowed to invoke the pagerduty
+It requires Alertmanager >= v0.30.0.
+
+
PagerDutyImageConfig
@@ -29711,7 +31125,9 @@ string
href
-string
+
+URL
+
@@ -29753,7 +31169,9 @@ string
href
-string
+
+URL
+
@@ -30677,6 +32095,43 @@ instead of the Pod IP’s address.
+podManagementPolicy
+
+
+PodManagementPolicyType
+
+
+
+
+(Optional)
+podManagementPolicy defines the policy for creating/deleting pods when
+scaling up and down.
+Unlike the default StatefulSet behavior, the default policy is
+Parallel to avoid manual intervention in case a pod gets stuck during
+a rollout.
+Note that updating this value implies the recreation of the StatefulSet
+which incurs a service outage.
+
+
+
+
+updateStrategy
+
+
+StatefulSetUpdateStrategy
+
+
+
+
+(Optional)
+updateStrategy indicates the strategy that will be employed to update
+Pods in the StatefulSet when a revision is made to statefulset’s Pod
+Template.
+The default strategy is RollingUpdate.
+
+
+
+
enableServiceLinks
bool
@@ -31097,6 +32552,19 @@ histogram with custom buckets.
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -31223,8 +32691,8 @@ PodMonitor and ServiceMonitor objects.
tracingConfig
-
-PrometheusTracingConfig
+
+TracingConfig
@@ -31846,7 +33314,9 @@ This is the main body text of the Pushover notification.
url
-string
+
+URL
+
@@ -31958,7 +33428,8 @@ bool
(Optional)
html defines whether notification message is HTML or plain text.
-When true, the message can include HTML formatting tags.
+When true, the message can include HTML formatting tags.
+html and monospace formatting are mutually exclusive.
@@ -33845,6 +35316,19 @@ Only valid in Prometheus versions 2.27.0 and newer.
+scrapeNativeHistograms
+
+bool
+
+
+
+(Optional)
+scrapeNativeHistograms defines whether to enable scraping of native histograms.
+It requires Prometheus >= v3.8.0.
+
+
+
+
scrapeClassicHistograms
bool
@@ -34075,7 +35559,9 @@ For buttons, this is the button text. For select menus, this is the placeholder
url
-string
+
+URL
+
@@ -34238,7 +35724,9 @@ string
titleLink
-string
+
+URL
+
@@ -34349,7 +35837,9 @@ string
iconURL
-string
+
+URL
+
@@ -34361,7 +35851,9 @@ string
imageURL
-string
+
+URL
+
@@ -34373,7 +35865,9 @@ string
thumbURL
-string
+
+URL
+
@@ -34436,6 +35930,22 @@ HTTPConfig
httpConfig defines the HTTP client configuration.
+
+
+timeout
+
+
+Duration
+
+
+
+
+(Optional)
+timeout defines the maximum time to wait for a webhook request to complete,
+before failing the request and allowing it to be retried.
+It requires Alertmanager >= v0.30.0.
+
+
SlackConfirmationField
@@ -34656,7 +36166,9 @@ bool
apiURL
-string
+
+URL
+
@@ -34924,7 +36436,7 @@ Time
URL
(string alias)
-(Appears on:DiscordConfig, KumaSDConfig, RocketChatActionConfig, RocketChatConfig, WebexConfig)
+(Appears on:DiscordConfig, KumaSDConfig, OpsGenieConfig, PagerDutyConfig, PagerDutyImageConfig, PagerDutyLinkConfig, PushoverConfig, RocketChatActionConfig, RocketChatConfig, SlackAction, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebexConfig, WebhookConfig)
URL represents a valid URL
@@ -34978,7 +36490,9 @@ object and accessible by the Prometheus Operator.
apiUrl
-string
+
+URL
+
@@ -34995,7 +36509,6 @@ string
-(Optional)
routingKey defines a key used to map the alert to a team.
This determines which VictorOps team will receive the alert notification.
@@ -35132,7 +36645,9 @@ object and accessible by the Prometheus Operator.
apiURL
-string
+
+URL
+
@@ -35363,7 +36878,9 @@ bool
url
-string
+
+URL
+
@@ -35608,6 +37125,24 @@ the resource’s namespace.
+
+
+status
+
+
+ConfigResourceStatus
+
+
+
+
+(Optional)
+status defines the status subresource. It is under active development and is updated only when the
+“StatusForConfigurationResources” feature gate is enabled.
+Most recent observed status of the ServiceMonitor. Read-only.
+More info:
+https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
+
AlertmanagerConfigSpec
@@ -36726,7 +38261,9 @@ object and accessible by the Prometheus Operator.
apiURL
-string
+
+URL
+
@@ -37024,7 +38561,9 @@ object and accessible by the Prometheus Operator.
url
-string
+
+URL
+
@@ -37048,7 +38587,9 @@ string
clientURL
-string
+
+URL
+
@@ -37184,6 +38725,21 @@ string
source defines the unique location of the affected system.
+
+
+timeout
+
+
+Duration
+
+
+
+
+(Optional)
+timeout is the maximum time allowed to invoke the pagerduty
+It requires Alertmanager >= v0.30.0.
+
+
PagerDutyImageConfig
@@ -37218,7 +38774,9 @@ string
href
-string
+
+URL
+
@@ -37260,7 +38818,9 @@ string
href
-string
+
+URL
+
@@ -37444,7 +39004,9 @@ This is the main body text of the Pushover notification.
url
-string
+
+URL
+
@@ -37556,7 +39118,8 @@ bool
(Optional)
html defines whether notification message is HTML or plain text.
-When true, the message can include HTML formatting tags.
+When true, the message can include HTML formatting tags.
+html and monospace formatting are mutually exclusive.
@@ -38607,7 +40170,9 @@ For buttons, this is the button text. For select menus, this is the placeholder
url
-string
+
+URL
+
@@ -38770,7 +40335,9 @@ string
titleLink
-string
+
+URL
+
@@ -38881,7 +40448,9 @@ string
iconURL
-string
+
+URL
+
@@ -38893,7 +40462,9 @@ string
imageURL
-string
+
+URL
+
@@ -38905,7 +40476,9 @@ string
thumbURL
-string
+
+URL
+
@@ -38968,6 +40541,22 @@ HTTPConfig
httpConfig defines the HTTP client configuration.
+
+
+timeout
+
+
+Duration
+
+
+
+
+(Optional)
+timeout defines the maximum time to wait for a webhook request to complete,
+before failing the request and allowing it to be retried.
+It requires Alertmanager >= v0.30.0.
+
+
SlackConfirmationField
@@ -39135,7 +40724,9 @@ bool
apiURL
-string
+
+URL
+
@@ -39446,7 +41037,7 @@ Time
URL
(string alias)
-(Appears on:DiscordConfig, RocketChatActionConfig, RocketChatConfig, WebexConfig)
+(Appears on:DiscordConfig, OpsGenieConfig, PagerDutyConfig, PagerDutyImageConfig, PagerDutyLinkConfig, PushoverConfig, RocketChatActionConfig, RocketChatConfig, SlackAction, SlackConfig, TelegramConfig, VictorOpsConfig, WeChatConfig, WebexConfig, WebhookConfig)
URL represents a valid URL
@@ -39500,7 +41091,9 @@ object and accessible by the Prometheus Operator.
apiUrl
-string
+
+URL
+
@@ -39517,7 +41110,6 @@ string
-(Optional)
routingKey defines a key used to map the alert to a team.
This determines which VictorOps team will receive the alert notification.
@@ -39654,7 +41246,9 @@ object and accessible by the Prometheus Operator.
apiURL
-string
+
+URL
+
@@ -39886,7 +41480,9 @@ bool
url
-string
+
+URL
+
diff --git a/Documentation/getting-started/compatibility.md b/Documentation/getting-started/compatibility.md
index f534f927c1e..e072f643208 100644
--- a/Documentation/getting-started/compatibility.md
+++ b/Documentation/getting-started/compatibility.md
@@ -15,14 +15,16 @@ It is recommended to use versions of the components identical or close to the ve
## Kubernetes
-Due to the use of apiextensions.k8s.io/v1 CustomResourceDefinitions, prometheus-operator requires Kubernetes >= v1.16.0.
+Due to the use of [Common Expression Language](https://kubernetes.io/docs/reference/using-api/cel/) (CEL) in Custom Resource Definitions, prometheus-operator >= v0.84.0 requires Kubernetes >= v1.25.0 (or v1.23.0 with the `CustomResourceValidationExpressions` feature gate enabled).
+
+Releases before v0.84.0 require Kubernetes >= v1.16.0.
The Prometheus Operator uses the official [Go client](https://github.com/kubernetes/client-go) for Kubernetes to communicate with the Kubernetes API. The compatibility matrix for client-go and Kubernetes clusters can be found [here](https://github.com/kubernetes/client-go#compatibility-matrix). All additional compatibility is only best effort, or happens to be still/already supported.
The current version of the Prometheus operator uses the following Go client version:
```$ mdox-exec="go list -m -f '{{ .Version }}' k8s.io/client-go"
-v0.34.2
+v0.34.3
```
## Prometheus
@@ -69,12 +71,16 @@ Prometheus Operator supports all Prometheus versions >= v2.0.0. The operator's e
* v3.7.1
* v3.7.2
* v3.7.3
+* v3.8.0
+* v3.8.1
+* v3.9.0
+* v3.9.1
```
The end-to-end tests are mostly tested against
```$ mdox-exec="go run ./cmd/po-docgen/. compatibility defaultPrometheusVersion"
-* v3.7.3
+* v3.9.1
```
## Alertmanager
@@ -84,7 +90,7 @@ The Prometheus Operator is compatible with Alertmanager v0.15 and above.
The end-to-end tests are mostly tested against
```$ mdox-exec="go run ./cmd/po-docgen/. compatibility defaultAlertmanagerVersion"
-* v0.29.0
+* v0.30.0
```
## Thanos
@@ -94,5 +100,5 @@ The Prometheus Operator is compatible with Thanos v0.10 and above.
The end-to-end tests are mostly tested against
```$ mdox-exec="go run ./cmd/po-docgen/. compatibility defaultThanosVersion"
-* v0.39.2
+* v0.40.1
```
diff --git a/Documentation/getting-started/installation.md b/Documentation/getting-started/installation.md
index dfe0c0affe6..23f8afe371a 100644
--- a/Documentation/getting-started/installation.md
+++ b/Documentation/getting-started/installation.md
@@ -19,9 +19,11 @@ There are different approaches to install Prometheus Operator in your Kubernetes
### Pre-requisites
-For all the approaches listed on this page, you require access to a **Kubernetes cluster!** For this, you can check the official docs of Kubernetes available [here](https://kubernetes.io/docs/tasks/tools/).
+Due to the use of [Common Expression Language](https://kubernetes.io/docs/reference/using-api/cel/) (CEL) in Custom Resource Definitions, version >= v0.84.0 of the Prometheus Operator requires a Kubernetes cluster of version >= v1.25.0 (or >= v1.23.0 with the `CustomResourceValidationExpressions` feature gate enabled).
-Version `>=0.39.0` of the Prometheus Operator requires a Kubernetes cluster of version `>=1.16.0`. If you are just starting out with the Prometheus Operator, it is **highly recommended** to use the latest version. If you have an older version of Kubernetes and the Prometheus Operator running, we recommend upgrading Kubernetes first and then the Prometheus Operator.
+Releases before v0.84.0 require Kubernetes >= v1.16.0.
+
+If you are just starting out with the Prometheus Operator, it is **highly recommended** to use the latest version. If you have an older version of Kubernetes and the Prometheus Operator running, we recommend upgrading Kubernetes first and then the Prometheus Operator.
> Check the appropriate versions of each of the components in the [Compatibility]({{}}) page.
diff --git a/Documentation/platform/operator.md b/Documentation/platform/operator.md
index 3f13f5c9363..7b05d0de53e 100644
--- a/Documentation/platform/operator.md
+++ b/Documentation/platform/operator.md
@@ -85,7 +85,7 @@ Usage of ./operator:
-namespaces value
Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). This is mutually exclusive with --deny-namespaces.
-prometheus-config-reloader string
- Prometheus config reloader image (default "quay.io/prometheus-operator/prometheus-config-reloader:v0.87.1")
+ Prometheus config reloader image (default "quay.io/prometheus-operator/prometheus-config-reloader:v0.88.0")
-prometheus-default-base-image string
Prometheus default base image (path without tag/version) (default "quay.io/prometheus/prometheus")
-prometheus-instance-namespaces value
diff --git a/Documentation/platform/prometheus-agent.md b/Documentation/platform/prometheus-agent.md
index 573339e27f1..38502ec5dbc 100644
--- a/Documentation/platform/prometheus-agent.md
+++ b/Documentation/platform/prometheus-agent.md
@@ -26,7 +26,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
rules:
- apiGroups:
diff --git a/Documentation/platform/rbac.md b/Documentation/platform/rbac.md
index e0cb776e14f..7c206be99af 100644
--- a/Documentation/platform/rbac.md
+++ b/Documentation/platform/rbac.md
@@ -26,7 +26,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
rules:
- apiGroups:
@@ -212,7 +212,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
```
@@ -228,7 +228,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
diff --git a/Documentation/platform/troubleshooting.md b/Documentation/platform/troubleshooting.md
index 116fb5a86ba..7dba3be4366 100644
--- a/Documentation/platform/troubleshooting.md
+++ b/Documentation/platform/troubleshooting.md
@@ -53,6 +53,7 @@ Example of Role definition required by the Prometheus operator's Service Account
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
+metadata:
name: prometheus-operator-kubelet
rules:
- apiGroups:
@@ -72,6 +73,7 @@ Example of Role definition required by the Prometheus's Service Account to disco
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
+metadata:
name: prometheus-kubelet
rules:
- apiGroups:
diff --git a/Documentation/platform/webhook.md b/Documentation/platform/webhook.md
index 1daec711c45..df477168e21 100644
--- a/Documentation/platform/webhook.md
+++ b/Documentation/platform/webhook.md
@@ -86,7 +86,7 @@ kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
```
@@ -97,7 +97,7 @@ kind: Deployment
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
spec:
@@ -114,7 +114,7 @@ spec:
kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
spec:
affinity:
podAntiAffinity:
@@ -131,7 +131,7 @@ spec:
- --web.enable-tls=true
- --web.cert-file=/etc/tls/private/tls.crt
- --web.key-file=/etc/tls/private/tls.key
- image: quay.io/prometheus-operator/admission-webhook:v0.87.1
+ image: quay.io/prometheus-operator/admission-webhook:v0.88.0
name: prometheus-operator-admission-webhook
ports:
- containerPort: 8443
@@ -179,7 +179,7 @@ kind: Service
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
spec:
diff --git a/RELEASE.md b/RELEASE.md
index 8677f1fd377..68ac39c4924 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -18,8 +18,11 @@ The release cycle for cutting releases is every 6 weeks
| Release | Date of release (year-month-day) | Release shepherd |
|---------|----------------------------------|-------------------------------------------|
-| v0.89 | 2026-02-04 | **searching for volunteer** |
-| v0.88 | 2025-12-24 | **searching for volunteer** |
+| v0.92 | 2026-06-10 | **searching for volunteer** |
+| v0.91 | 2026-04-29 | **searching for volunteer** |
+| v0.90 | 2026-03-18 | **searching for volunteer** |
+| v0.89 | 2026-02-04 | Simon Pasquier (GitHub: @simonpasquier) |
+| v0.88 | 2025-12-24 | Jayapriya Pai (Github: @slashpai) |
| v0.87 | 2025-11-12 | Simon Pasquier (GitHub: @simonpasquier) |
| v0.86 | 2025-10-01 | Jayapriya Pai (Github: @slashpai) |
| v0.85 | 2025-08-20 | Simon Pasquier (GitHub: @simonpasquier) |
diff --git a/VERSION b/VERSION
index 7921aa127f3..fe6d01c1a45 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.87.1
+0.88.0
diff --git a/bundle.yaml b/bundle.yaml
index 444675444dc..2e0db11a94c 100644
--- a/bundle.yaml
+++ b/bundle.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: alertmanagerconfigs.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -63,6 +63,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
sourceMatch:
description: |-
sourceMatch defines matchers for which one or more alerts have to exist for the inhibition
@@ -102,6 +103,7 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
targetMatch:
description: |-
targetMatch defines matchers that have to be fulfilled in the alerts to be muted.
@@ -141,8 +143,10 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
muteTimeIntervals:
description: muteTimeIntervals defines the list of MuteTimeInterval
specifying when the routes should be muted.
@@ -176,6 +180,7 @@ spec:
type: integer
type: object
type: array
+ x-kubernetes-list-type: atomic
months:
description: months defines a list of MonthRange
items:
@@ -185,6 +190,7 @@ spec:
pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
times:
description: times defines a list of TimeRange
items:
@@ -203,6 +209,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
weekdays:
description: weekdays defines a list of WeekdayRange
items:
@@ -212,6 +219,7 @@ spec:
pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
years:
description: years defines a list of YearRange
items:
@@ -219,12 +227,15 @@ spec:
pattern: ^2\d{3}(?::2\d{3}|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
required:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
receivers:
description: receivers defines the list of receivers.
items:
@@ -1000,6 +1011,7 @@ spec:
- apiURL
type: object
type: array
+ x-kubernetes-list-type: atomic
emailConfigs:
description: emailConfigs defines the list of Email configurations.
items:
@@ -1098,6 +1110,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
hello:
description: |-
hello defines the hostname to identify to the SMTP server.
@@ -1303,6 +1316,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
msteamsConfigs:
description: |-
msteamsConfigs defines the list of MSTeams configurations.
@@ -2068,6 +2082,7 @@ spec:
- webhookUrl
type: object
type: array
+ x-kubernetes-list-type: atomic
msteamsv2Configs:
description: |-
msteamsv2Configs defines the list of MSTeamsV2 configurations.
@@ -2828,6 +2843,7 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
name:
description: name defines the name of the receiver. Must be
unique across all items from the list.
@@ -2876,6 +2892,7 @@ spec:
description: |-
apiURL defines the URL to send OpsGenie API requests to.
When not specified, defaults to the standard OpsGenie API endpoint.
+ pattern: ^https?://.+$
type: string
description:
description: |-
@@ -2905,6 +2922,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
entity:
description: |-
entity defines an optional field that can be used to specify which domain alert is related to.
@@ -3672,6 +3690,7 @@ spec:
- type
type: object
type: array
+ x-kubernetes-list-type: atomic
sendResolved:
description: sendResolved defines whether or not to notify
about resolved alerts.
@@ -3693,6 +3712,7 @@ spec:
type: boolean
type: object
type: array
+ x-kubernetes-list-type: atomic
pagerdutyConfigs:
description: pagerdutyConfigs defines the List of PagerDuty
configurations.
@@ -3703,20 +3723,25 @@ spec:
properties:
class:
description: class defines the class/type of the event.
+ minLength: 1
type: string
client:
description: client defines the client identification.
+ minLength: 1
type: string
clientURL:
description: clientURL defines the backlink to the sender
of notification.
+ pattern: ^https?://.+$
type: string
component:
description: component defines the part or component of
the affected system that is broken.
+ minLength: 1
type: string
description:
description: description of the incident.
+ minLength: 1
type: string
details:
description: details defines the arbitrary key/value pairs
@@ -3740,8 +3765,10 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
group:
description: group defines a cluster or grouping of sources.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -4459,17 +4486,21 @@ spec:
alt:
description: alt is the optional alternative text
for the image.
+ minLength: 1
type: string
href:
description: href defines the optional URL; makes
the image a clickable link.
+ pattern: ^https?://.+$
type: string
src:
description: src of the image being attached to
the incident
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
pagerDutyLinkConfigs:
description: pagerDutyLinkConfigs defines a list of link
details to attach that provide further detail about
@@ -4482,13 +4513,16 @@ spec:
description: alt defines the text that describes
the purpose of the link, and can be used as the
link's text.
+ minLength: 1
type: string
href:
description: href defines the URL of the link to
be attached
+ pattern: ^https?://.+$
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
routingKey:
description: |-
routingKey defines the secret's key that contains the PagerDuty integration key (when using
@@ -4552,16 +4586,26 @@ spec:
x-kubernetes-map-type: atomic
severity:
description: severity of the incident.
+ minLength: 1
type: string
source:
description: source defines the unique location of the
affected system.
+ minLength: 1
+ type: string
+ timeout:
+ description: |-
+ timeout is the maximum time allowed to invoke the pagerduty
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
url:
description: url defines the URL to send requests to.
+ pattern: ^https?://.+$
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
pushoverConfigs:
description: pushoverConfigs defines the list of Pushover configurations.
items:
@@ -4573,6 +4617,7 @@ spec:
description: |-
device defines the name of a specific device to send the notification to.
If not specified, the notification is sent to all user's devices.
+ minLength: 1
type: string
expire:
description: |-
@@ -4584,6 +4629,7 @@ spec:
description: |-
html defines whether notification message is HTML or plain text.
When true, the message can include HTML formatting tags.
+ html and monospace formatting are mutually exclusive.
type: boolean
httpConfig:
description: httpConfig defines the HTTP client configuration
@@ -5295,6 +5341,7 @@ spec:
description: |-
message defines the notification message content.
This is the main body text of the Pushover notification.
+ minLength: 1
type: string
monospace:
description: |-
@@ -5305,6 +5352,7 @@ spec:
description: |-
priority defines the notification priority level.
See https://pushover.net/api#priority for valid values and behavior.
+ minLength: 1
type: string
retry:
description: |-
@@ -5320,11 +5368,13 @@ spec:
description: |-
sound defines the name of one of the sounds supported by device clients.
This overrides the user's default sound choice for this notification.
+ minLength: 1
type: string
title:
description: |-
title defines the notification title displayed in the Pushover message.
This appears as the bold header text in the notification.
+ minLength: 1
type: string
token:
description: |-
@@ -5361,6 +5411,7 @@ spec:
See https://pushover.net/apps for application registration.
Either `token` or `tokenFile` is required.
It requires Alertmanager >= v0.26.0.
+ minLength: 1
type: string
ttl:
description: |-
@@ -5372,11 +5423,13 @@ spec:
description: |-
url defines a supplementary URL shown alongside the message.
This creates a clickable link within the Pushover notification.
+ pattern: ^https?://.+$
type: string
urlTitle:
description: |-
urlTitle defines a title for the supplementary URL.
If not specified, the raw URL is shown instead.
+ minLength: 1
type: string
userKey:
description: |-
@@ -5411,9 +5464,11 @@ spec:
userKeyFile defines the user key file that contains the recipient user's user key.
Either `userKey` or `userKeyFile` is required.
It requires Alertmanager >= v0.26.0.
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
rocketchatConfigs:
description: |-
rocketchatConfigs defines the list of RocketChat configurations.
@@ -5452,6 +5507,7 @@ spec:
type: object
minItems: 1
type: array
+ x-kubernetes-list-type: atomic
apiURL:
description: |-
apiURL defines the API URL for RocketChat.
@@ -5504,6 +5560,7 @@ spec:
type: object
minItems: 1
type: array
+ x-kubernetes-list-type: atomic
httpConfig:
description: httpConfig defines the HTTP client configuration
for RocketChat API requests.
@@ -6317,6 +6374,7 @@ spec:
- tokenID
type: object
type: array
+ x-kubernetes-list-type: atomic
slackConfigs:
description: slackConfigs defines the list of Slack configurations.
items:
@@ -6343,11 +6401,13 @@ spec:
description: |-
dismissText defines the label for the cancel button in the dialog.
When not specified, defaults to "Cancel". This button cancels the action.
+ minLength: 1
type: string
okText:
description: |-
okText defines the label for the confirmation button in the dialog.
When not specified, defaults to "Okay". This button proceeds with the action.
+ minLength: 1
type: string
text:
description: |-
@@ -6359,6 +6419,7 @@ spec:
description: |-
title defines the title text displayed at the top of the confirmation dialog.
When not specified, a default title will be used.
+ minLength: 1
type: string
required:
- text
@@ -6367,11 +6428,13 @@ spec:
description: |-
name defines a unique identifier for the action within the message.
This value is sent back to your application when the action is triggered.
+ minLength: 1
type: string
style:
description: |-
style defines the visual appearance of the action element.
Valid values include "default", "primary" (green), and "danger" (red).
+ minLength: 1
type: string
text:
description: |-
@@ -6389,17 +6452,21 @@ spec:
description: |-
url defines the URL to open when the action is triggered.
Only applicable for button-type actions. When set, clicking the button opens this URL.
+ pattern: ^https?://.+$
type: string
value:
description: |-
value defines the payload sent when the action is triggered.
This data is included in the callback sent to your application.
+ minLength: 1
type: string
required:
- text
- type
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
apiURL:
description: |-
apiURL defines the secret's key that contains the Slack webhook URL.
@@ -6430,19 +6497,23 @@ spec:
callbackId:
description: callbackId defines an identifier for the
message used in interactive components.
+ minLength: 1
type: string
channel:
description: channel defines the channel or user to send
notifications to.
+ minLength: 1
type: string
color:
description: |-
color defines the color of the left border of the Slack message attachment.
Can be a hex color code (e.g., "#ff0000") or a predefined color name.
+ minLength: 1
type: string
fallback:
description: fallback defines a plain-text summary of
the attachment for clients that don't support attachments.
+ minLength: 1
type: string
fields:
description: fields defines a list of Slack fields that
@@ -6476,10 +6547,13 @@ spec:
- title
- value
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
footer:
description: footer defines small text displayed at the
bottom of the message attachment.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -7189,14 +7263,17 @@ spec:
iconEmoji:
description: iconEmoji defines the emoji to use as the
bot's avatar (e.g., ":ghost:").
+ minLength: 1
type: string
iconURL:
description: iconURL defines the URL to an image to use
as the bot's avatar.
+ pattern: ^https?://.+$
type: string
imageURL:
description: imageURL defines the URL to an image file
that will be displayed inside the message attachment.
+ pattern: ^https?://.+$
type: string
linkNames:
description: |-
@@ -7208,11 +7285,15 @@ spec:
mrkdwnIn defines which fields should be parsed as Slack markdown.
Valid values include "pretext", "text", and "fields".
items:
+ minLength: 1
type: string
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
pretext:
description: pretext defines optional text that appears
above the message attachment block.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -7226,25 +7307,38 @@ spec:
text:
description: text defines the main text content of the
Slack message attachment.
+ minLength: 1
type: string
thumbURL:
description: |-
thumbURL defines the URL to an image file that will be displayed as a thumbnail
on the right side of the message attachment.
+ pattern: ^https?://.+$
+ type: string
+ timeout:
+ description: |-
+ timeout defines the maximum time to wait for a webhook request to complete,
+ before failing the request and allowing it to be retried.
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
title:
description: title defines the title text displayed in
the Slack message attachment.
+ minLength: 1
type: string
titleLink:
description: titleLink defines the URL that the title
will link to when clicked.
+ pattern: ^https?://.+$
type: string
username:
description: username defines the slack bot user name.
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
snsConfigs:
description: snsConfigs defines the list of SNS configurations
items:
@@ -8076,6 +8170,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
telegramConfigs:
description: telegramConfigs defines the list of Telegram configurations.
items:
@@ -8087,6 +8182,7 @@ spec:
description: |-
apiURL defines the Telegram API URL, e.g. https://api.telegram.org.
If not specified, the default Telegram API URL will be used.
+ pattern: ^https?://.+$
type: string
botToken:
description: |-
@@ -8870,6 +8966,7 @@ spec:
- chatID
type: object
type: array
+ x-kubernetes-list-type: atomic
victoropsConfigs:
description: victoropsConfigs defines the list of VictorOps
configurations.
@@ -8909,6 +9006,7 @@ spec:
description: |-
apiUrl defines the VictorOps API URL.
When not specified, defaults to the standard VictorOps API endpoint.
+ pattern: ^https?://.+$
type: string
customFields:
description: |-
@@ -8933,10 +9031,12 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
entityDisplayName:
description: |-
entityDisplayName contains a summary of the alerted problem.
This appears as the main title or identifier for the incident.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client's configuration
@@ -9648,16 +9748,19 @@ spec:
description: |-
messageType describes the behavior of the alert.
Valid values are "CRITICAL", "WARNING", and "INFO".
+ minLength: 1
type: string
monitoringTool:
description: |-
monitoringTool defines the monitoring tool the state message is from.
This helps identify the source system that generated the alert.
+ minLength: 1
type: string
routingKey:
description: |-
routingKey defines a key used to map the alert to a team.
This determines which VictorOps team will receive the alert notification.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -9667,9 +9770,13 @@ spec:
description: |-
stateMessage contains a long explanation of the alerted problem.
This provides detailed context about the incident.
+ minLength: 1
type: string
+ required:
+ - routingKey
type: object
type: array
+ x-kubernetes-list-type: atomic
webexConfigs:
description: webexConfigs defines the list of Webex configurations.
items:
@@ -10403,6 +10510,7 @@ spec:
- roomID
type: object
type: array
+ x-kubernetes-list-type: atomic
webhookConfigs:
description: webhookConfigs defines the List of webhook configurations.
items:
@@ -11138,6 +11246,7 @@ spec:
description: |-
url defines the URL to send HTTP POST requests to.
urlSecret takes precedence over url. One of urlSecret and url should be defined.
+ pattern: ^https?://.+$
type: string
urlSecret:
description: |-
@@ -11169,6 +11278,7 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
wechatConfigs:
description: wechatConfigs defines the list of WeChat configurations.
items:
@@ -11212,6 +11322,7 @@ spec:
description: |-
apiURL defines the WeChat API URL.
When not specified, defaults to the standard WeChat Work API endpoint.
+ pattern: ^https?://.+$
type: string
corpID:
description: |-
@@ -11955,10 +12066,14 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
required:
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
route:
description: |-
route defines the Alertmanager route definition for alerts matching the resource's
@@ -11971,6 +12086,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: set
continue:
description: |-
continue defines the boolean indicating whether an alert should continue matching subsequent
@@ -11985,6 +12101,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: set
groupInterval:
description: |-
groupInterval defines how long to wait before sending an updated notification.
@@ -12037,12 +12154,14 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
muteTimeIntervals:
description: muteTimeIntervals is a list of MuteTimeInterval names
that will mute this route when matched,
items:
type: string
type: array
+ x-kubernetes-list-type: set
receiver:
description: |-
receiver defines the name of the receiver for this route. If not empty, it should be listed in
@@ -12059,13 +12178,119 @@ spec:
items:
x-kubernetes-preserve-unknown-fields: true
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
+ status:
+ description: |-
+ status defines the status subresource. It is under active development and is updated only when the
+ "StatusForConfigurationResources" feature gate is enabled.
+
+ Most recent observed status of the ServiceMonitor. Read-only.
+ More info:
+ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bindings:
+ description: bindings defines the list of workload resources (Prometheus,
+ PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration
+ resource.
+ items:
+ description: WorkloadBinding is a link between a configuration resource
+ and a workload resource.
+ properties:
+ conditions:
+ description: conditions defines the current state of the configuration
+ resource when bound to the referenced Workload object.
+ items:
+ description: ConfigResourceCondition describes the status
+ of configuration resources linked to Prometheus, PrometheusAgent,
+ Alertmanager or ThanosRuler.
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime defines the time of the
+ last update to the current status property.
+ format: date-time
+ type: string
+ message:
+ description: message defines the human-readable message
+ indicating details for the condition's last transition.
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration defines the .metadata.generation that the
+ condition was set based upon. For instance, if `.metadata.generation` is
+ currently 12, but the `.status.conditions[].observedGeneration` is 9, the
+ condition is out of date with respect to the current state of the object.
+ format: int64
+ type: integer
+ reason:
+ description: reason for the condition's last transition.
+ type: string
+ status:
+ description: status of the condition.
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ type of the condition being reported.
+ Currently, only "Accepted" is supported.
+ enum:
+ - Accepted
+ minLength: 1
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ group:
+ description: group defines the group of the referenced resource.
+ enum:
+ - monitoring.coreos.com
+ type: string
+ name:
+ description: name defines the name of the referenced object.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace defines the namespace of the referenced
+ object.
+ minLength: 1
+ type: string
+ resource:
+ description: resource defines the type of resource being referenced
+ (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager).
+ enum:
+ - prometheuses
+ - prometheusagents
+ - thanosrulers
+ - alertmanagers
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - name
+ - namespace
+ x-kubernetes-list-type: map
+ type: object
required:
- spec
type: object
served: true
storage: true
+ subresources:
+ status: {}
---
---
apiVersion: apiextensions.k8s.io/v1
@@ -12073,7 +12298,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: alertmanagers.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -14388,7 +14613,7 @@ spec:
type: string
type: object
webex:
- description: webex defines the default configuration for Jira.
+ description: webex defines the default configuration for Webex.
properties:
apiURL:
description: |-
@@ -18210,10 +18435,18 @@ spec:
type: string
minReadySeconds:
description: |-
- minReadySeconds defines the minimum number of seconds for which a newly created pod should be ready
- without any of its container crashing for it to be considered available.
+ minReadySeconds defines the minimum number of seconds for which a newly
+ created pod should be ready without any of its container crashing for it
+ to be considered available.
If unset, pods will be considered available as soon as they are ready.
+
+ When the Alertmanager version is greater than or equal to v0.30.0, the
+ duration is also used to delay the first flush of the aggregation
+ groups. This delay helps ensuring that all alerts have been resent by
+ the Prometheus instances to Alertmanager after a roll-out. It is
+ possible to override this behavior passing a custom value via
+ `.spec.additionalArgs`.
format: int32
minimum: 0
type: integer
@@ -18251,6 +18484,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Alertmanager pods.
@@ -19590,6 +19838,48 @@ spec:
- whenUnsatisfiable
type: object
type: array
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: version the cluster should be on.
type: string
@@ -21936,7 +22226,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: podmonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -23119,6 +23409,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -23330,7 +23625,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: probes.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -23379,7 +23674,11 @@ spec:
for target discovery by Prometheus.
properties:
authorization:
- description: authorization section for this endpoint
+ description: |-
+ authorization configures the Authorization header credentials used by
+ the client.
+
+ Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.
properties:
credentials:
description: credentials defines a key of a Secret in the namespace
@@ -23417,8 +23716,10 @@ spec:
type: object
basicAuth:
description: |-
- basicAuth allow an endpoint to authenticate over basic authentication.
- More info: https://prometheus.io/docs/operating/configuration/#endpoint
+ basicAuth defines the Basic Authentication credentials used by the
+ client.
+
+ Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.
properties:
password:
description: |-
@@ -23475,9 +23776,14 @@ spec:
type: object
bearerTokenSecret:
description: |-
- bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret
- needs to be in the same namespace as the probe and accessible by
- the Prometheus Operator.
+ bearerTokenSecret defines a key of a Secret containing the bearer token
+ used by the client for authentication. The secret needs to be in the
+ same namespace as the custom resource and readable by the Prometheus
+ Operator.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.
+
+ Deprecated: use `authorization` instead.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -23504,6 +23810,9 @@ spec:
convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets.
It requires Prometheus >= v3.0.0.
type: boolean
+ enableHttp2:
+ description: enableHttp2 can be used to disable HTTP2.
+ type: boolean
fallbackScrapeProtocol:
description: |-
fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
@@ -23516,6 +23825,11 @@ spec:
- PrometheusText0.0.4
- PrometheusText1.0.0
type: string
+ followRedirects:
+ description: |-
+ followRedirects defines whether the client should follow HTTP 3xx
+ redirects.
+ type: boolean
interval:
description: |-
interval at which targets are probed using the configured prober.
@@ -23663,8 +23977,12 @@ spec:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
oauth2:
- description: oauth2 for the URL. Only valid in Prometheus versions
- 2.27.0 and newer.
+ description: |-
+ oauth2 defines the OAuth2 settings used by the client.
+
+ It requires Prometheus >= 2.27.0.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.
properties:
clientId:
description: |-
@@ -24118,6 +24436,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -24434,8 +24757,7 @@ spec:
type: object
type: object
tlsConfig:
- description: tlsConfig defines the TLS configuration to use when scraping
- the endpoint.
+ description: tlsConfig defines the TLS configuration used by the client.
properties:
ca:
description: ca defines the Certificate authority used when verifying
@@ -24719,7 +25041,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: prometheusagents.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -29851,6 +30173,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Prometheus pods.
@@ -30209,7 +30546,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -30222,7 +30559,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -30270,11 +30607,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -30285,6 +30628,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -31980,6 +32344,11 @@ spec:
Default: "30s"
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -33381,16 +33750,19 @@ spec:
properties:
clientType:
description: clientType defines the client used to export the
- traces. Supported values are `http` or `grpc`.
+ traces. Supported values are `HTTP` and `GRPC`.
enum:
- http
- grpc
+ - HTTP
+ - GRPC
type: string
compression:
description: compression key for supported compression types.
- The only supported value is `gzip`.
+ The only supported value is `Gzip`.
enum:
- gzip
+ - Gzip
type: string
endpoint:
description: endpoint to send the traces to. Should be provided
@@ -33622,6 +33994,48 @@ spec:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
type: object
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: |-
version of Prometheus being deployed. The operator uses this information
@@ -35892,6 +36306,17 @@ spec:
rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigSelector))'
- message: probeSelector cannot be set when mode is DaemonSet
rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeSelector))'
+ - message: scrapeConfigNamespaceSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigNamespaceSelector))'
+ - message: probeNamespaceSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeNamespaceSelector))'
+ - message: serviceMonitorSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorSelector))'
+ - message: serviceMonitorNamespaceSelector cannot be set when mode is
+ DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorNamespaceSelector))'
+ - message: additionalScrapeConfigs cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.additionalScrapeConfigs))'
status:
description: |-
status defines the most recent observed status of the Prometheus cluster. Read-only.
@@ -36040,7 +36465,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: prometheuses.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -41956,6 +42381,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Prometheus pods.
@@ -43120,7 +43560,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -43133,7 +43573,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -43181,11 +43621,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -43196,6 +43642,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -45036,6 +45503,11 @@ spec:
Default: "30s"
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -46999,16 +47471,19 @@ spec:
properties:
clientType:
description: clientType defines the client used to export the
- traces. Supported values are `http` or `grpc`.
+ traces. Supported values are `HTTP` and `GRPC`.
enum:
- http
- grpc
+ - HTTP
+ - GRPC
type: string
compression:
description: compression key for supported compression types.
- The only supported value is `gzip`.
+ The only supported value is `Gzip`.
enum:
- gzip
+ - Gzip
type: string
endpoint:
description: endpoint to send the traces to. Should be provided
@@ -47240,6 +47715,48 @@ spec:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
type: object
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: |-
version of Prometheus being deployed. The operator uses this information
@@ -49643,7 +50160,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -49910,7 +50427,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: scrapeconfigs.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -62443,6 +62960,11 @@ spec:
scrapes.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -62804,7 +63326,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: servicemonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -62895,10 +63417,10 @@ spec:
properties:
authorization:
description: |-
- authorization configures the Authorization header credentials to use when
- scraping the target.
+ authorization configures the Authorization header credentials used by
+ the client.
- Cannot be set at the same time as `basicAuth`, or `oauth2`.
+ Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.
properties:
credentials:
description: credentials defines a key of a Secret in the
@@ -62936,10 +63458,10 @@ spec:
type: object
basicAuth:
description: |-
- basicAuth defines the Basic Authentication credentials to use when
- scraping the target.
+ basicAuth defines the Basic Authentication credentials used by the
+ client.
- Cannot be set at the same time as `authorization`, or `oauth2`.
+ Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.
properties:
password:
description: |-
@@ -63002,9 +63524,12 @@ spec:
type: string
bearerTokenSecret:
description: |-
- bearerTokenSecret defines a key of a Secret containing the bearer
- token for scraping targets. The secret needs to be in the same namespace
- as the ServiceMonitor object and readable by the Prometheus Operator.
+ bearerTokenSecret defines a key of a Secret containing the bearer token
+ used by the client for authentication. The secret needs to be in the
+ same namespace as the custom resource and readable by the Prometheus
+ Operator.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.
Deprecated: use `authorization` instead.
properties:
@@ -63030,8 +63555,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
enableHttp2:
- description: enableHttp2 can be used to disable HTTP2 when scraping
- the target.
+ description: enableHttp2 can be used to disable HTTP2.
type: boolean
filterRunning:
description: |-
@@ -63044,8 +63568,8 @@ spec:
type: boolean
followRedirects:
description: |-
- followRedirects defines whether the scrape requests should follow HTTP
- 3xx redirects.
+ followRedirects defines whether the client should follow HTTP 3xx
+ redirects.
type: boolean
honorLabels:
description: |-
@@ -63163,11 +63687,11 @@ spec:
type: string
oauth2:
description: |-
- oauth2 defines the OAuth2 settings to use when scraping the target.
+ oauth2 defines the OAuth2 settings used by the client.
It requires Prometheus >= 2.27.0.
- Cannot be set at the same time as `authorization`, or `basicAuth`.
+ Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.
properties:
clientId:
description: |-
@@ -63679,8 +64203,8 @@ spec:
Service. The port must be specified with the container's port property.
x-kubernetes-int-or-string: true
tlsConfig:
- description: tlsConfig defines the TLS configuration to use
- when scraping the target.
+ description: tlsConfig defines TLS configuration used by the
+ client.
properties:
ca:
description: ca defines the Certificate authority used when
@@ -63980,6 +64504,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -64210,7 +64739,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: thanosrulers.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -68850,6 +69379,21 @@ spec:
paused defines when a ThanosRuler deployment is paused, no actions except for deletion
will be performed on the underlying objects.
type: boolean
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the ThanosRuler pods.
@@ -69043,7 +69587,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -69056,7 +69600,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -69104,11 +69648,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -69119,6 +69669,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -71525,6 +72096,48 @@ spec:
This field takes precedence over `tracingConfig`.
type: string
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: version of Thanos to be deployed.
type: string
@@ -73850,7 +74463,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -73867,7 +74480,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
rules:
- apiGroups:
@@ -73980,7 +74593,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
spec:
@@ -73996,19 +74609,21 @@ spec:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
spec:
automountServiceAccountToken: true
containers:
- args:
- --kubelet-service=kube-system/kubelet
- - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.87.1
+ - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.88.0
+ - --watch-referenced-objects-in-all-namespaces=true
+ - --disable-unmanaged-prometheus-configuration=true
- --kubelet-endpoints=true
- --kubelet-endpointslice=false
env:
- name: GOGC
value: "30"
- image: quay.io/prometheus-operator/prometheus-operator:v0.87.1
+ image: quay.io/prometheus-operator/prometheus-operator:v0.88.0
name: prometheus-operator
ports:
- containerPort: 8080
@@ -74042,7 +74657,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
---
@@ -74052,7 +74667,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
spec:
diff --git a/cmd/admission-webhook/Dockerfile b/cmd/admission-webhook/Dockerfile
index 7fd8f874318..71cd4ab158c 100644
--- a/cmd/admission-webhook/Dockerfile
+++ b/cmd/admission-webhook/Dockerfile
@@ -1,6 +1,6 @@
ARG ARCH=amd64
ARG OS=linux
-ARG GOLANG_BUILDER=1.24
+ARG GOLANG_BUILDER=1.25
FROM quay.io/prometheus/golang-builder:${GOLANG_BUILDER}-base AS builder
WORKDIR /workspace
diff --git a/cmd/prometheus-config-reloader/Dockerfile b/cmd/prometheus-config-reloader/Dockerfile
index d84cfb96541..74ed0f0bd0c 100644
--- a/cmd/prometheus-config-reloader/Dockerfile
+++ b/cmd/prometheus-config-reloader/Dockerfile
@@ -1,6 +1,6 @@
ARG ARCH=amd64
ARG OS=linux
-ARG GOLANG_BUILDER=1.24
+ARG GOLANG_BUILDER=1.25
FROM quay.io/prometheus/golang-builder:${GOLANG_BUILDER}-base AS builder
WORKDIR /workspace
diff --git a/example/admission-webhook/deployment.yaml b/example/admission-webhook/deployment.yaml
index 52508e8150b..bac9683be92 100644
--- a/example/admission-webhook/deployment.yaml
+++ b/example/admission-webhook/deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
spec:
@@ -20,7 +20,7 @@ spec:
kubectl.kubernetes.io/default-container: prometheus-operator-admission-webhook
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
spec:
affinity:
podAntiAffinity:
@@ -37,7 +37,7 @@ spec:
- --web.enable-tls=true
- --web.cert-file=/etc/tls/private/tls.crt
- --web.key-file=/etc/tls/private/tls.key
- image: quay.io/prometheus-operator/admission-webhook:v0.87.1
+ image: quay.io/prometheus-operator/admission-webhook:v0.88.0
name: prometheus-operator-admission-webhook
ports:
- containerPort: 8443
diff --git a/example/admission-webhook/pod-disruption-budget.yaml b/example/admission-webhook/pod-disruption-budget.yaml
index 0cbb2e2475d..643d3529946 100644
--- a/example/admission-webhook/pod-disruption-budget.yaml
+++ b/example/admission-webhook/pod-disruption-budget.yaml
@@ -3,7 +3,7 @@ kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
spec:
diff --git a/example/admission-webhook/service-account.yaml b/example/admission-webhook/service-account.yaml
index 32d0f35cde1..3f3a21f047f 100644
--- a/example/admission-webhook/service-account.yaml
+++ b/example/admission-webhook/service-account.yaml
@@ -4,6 +4,6 @@ kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
diff --git a/example/admission-webhook/service-monitor.yaml b/example/admission-webhook/service-monitor.yaml
index 1b71c7ec742..8d8e8b330f7 100644
--- a/example/admission-webhook/service-monitor.yaml
+++ b/example/admission-webhook/service-monitor.yaml
@@ -3,7 +3,7 @@ kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
spec:
@@ -13,4 +13,4 @@ spec:
selector:
matchLabels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
diff --git a/example/admission-webhook/service.yaml b/example/admission-webhook/service.yaml
index 8488e7a6071..b4596ad07fa 100644
--- a/example/admission-webhook/service.yaml
+++ b/example/admission-webhook/service.yaml
@@ -3,7 +3,7 @@ kind: Service
metadata:
labels:
app.kubernetes.io/name: prometheus-operator-admission-webhook
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator-admission-webhook
namespace: default
spec:
diff --git a/example/alertmanager-crd-conversion/patch.json b/example/alertmanager-crd-conversion/patch.json
index 5b193b27789..b027a599057 100644
--- a/example/alertmanager-crd-conversion/patch.json
+++ b/example/alertmanager-crd-conversion/patch.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "alertmanagerconfigs.monitoring.coreos.com"
},
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml
index 6329516f04e..9ca318d28b1 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagerconfigs.yaml
@@ -62,6 +62,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
sourceMatch:
description: |-
sourceMatch defines matchers for which one or more alerts have to exist for the inhibition
@@ -101,6 +102,7 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
targetMatch:
description: |-
targetMatch defines matchers that have to be fulfilled in the alerts to be muted.
@@ -140,8 +142,10 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
muteTimeIntervals:
description: muteTimeIntervals defines the list of MuteTimeInterval
specifying when the routes should be muted.
@@ -175,6 +179,7 @@ spec:
type: integer
type: object
type: array
+ x-kubernetes-list-type: atomic
months:
description: months defines a list of MonthRange
items:
@@ -184,6 +189,7 @@ spec:
pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
times:
description: times defines a list of TimeRange
items:
@@ -202,6 +208,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
weekdays:
description: weekdays defines a list of WeekdayRange
items:
@@ -211,6 +218,7 @@ spec:
pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
years:
description: years defines a list of YearRange
items:
@@ -218,12 +226,15 @@ spec:
pattern: ^2\d{3}(?::2\d{3}|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
required:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
receivers:
description: receivers defines the list of receivers.
items:
@@ -999,6 +1010,7 @@ spec:
- apiURL
type: object
type: array
+ x-kubernetes-list-type: atomic
emailConfigs:
description: emailConfigs defines the list of Email configurations.
items:
@@ -1097,6 +1109,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
hello:
description: |-
hello defines the hostname to identify to the SMTP server.
@@ -1302,6 +1315,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
msteamsConfigs:
description: |-
msteamsConfigs defines the list of MSTeams configurations.
@@ -2067,6 +2081,7 @@ spec:
- webhookUrl
type: object
type: array
+ x-kubernetes-list-type: atomic
msteamsv2Configs:
description: |-
msteamsv2Configs defines the list of MSTeamsV2 configurations.
@@ -2827,6 +2842,7 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
name:
description: name defines the name of the receiver. Must be
unique across all items from the list.
@@ -2875,6 +2891,7 @@ spec:
description: |-
apiURL defines the URL to send OpsGenie API requests to.
When not specified, defaults to the standard OpsGenie API endpoint.
+ pattern: ^https?://.+$
type: string
description:
description: |-
@@ -2904,6 +2921,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
entity:
description: |-
entity defines an optional field that can be used to specify which domain alert is related to.
@@ -3671,6 +3689,7 @@ spec:
- type
type: object
type: array
+ x-kubernetes-list-type: atomic
sendResolved:
description: sendResolved defines whether or not to notify
about resolved alerts.
@@ -3692,6 +3711,7 @@ spec:
type: boolean
type: object
type: array
+ x-kubernetes-list-type: atomic
pagerdutyConfigs:
description: pagerdutyConfigs defines the List of PagerDuty
configurations.
@@ -3702,20 +3722,25 @@ spec:
properties:
class:
description: class defines the class/type of the event.
+ minLength: 1
type: string
client:
description: client defines the client identification.
+ minLength: 1
type: string
clientURL:
description: clientURL defines the backlink to the sender
of notification.
+ pattern: ^https?://.+$
type: string
component:
description: component defines the part or component of
the affected system that is broken.
+ minLength: 1
type: string
description:
description: description of the incident.
+ minLength: 1
type: string
details:
description: details defines the arbitrary key/value pairs
@@ -3739,8 +3764,10 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
group:
description: group defines a cluster or grouping of sources.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -4458,17 +4485,21 @@ spec:
alt:
description: alt is the optional alternative text
for the image.
+ minLength: 1
type: string
href:
description: href defines the optional URL; makes
the image a clickable link.
+ pattern: ^https?://.+$
type: string
src:
description: src of the image being attached to
the incident
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
pagerDutyLinkConfigs:
description: pagerDutyLinkConfigs defines a list of link
details to attach that provide further detail about
@@ -4481,13 +4512,16 @@ spec:
description: alt defines the text that describes
the purpose of the link, and can be used as the
link's text.
+ minLength: 1
type: string
href:
description: href defines the URL of the link to
be attached
+ pattern: ^https?://.+$
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
routingKey:
description: |-
routingKey defines the secret's key that contains the PagerDuty integration key (when using
@@ -4551,16 +4585,26 @@ spec:
x-kubernetes-map-type: atomic
severity:
description: severity of the incident.
+ minLength: 1
type: string
source:
description: source defines the unique location of the
affected system.
+ minLength: 1
+ type: string
+ timeout:
+ description: |-
+ timeout is the maximum time allowed to invoke the pagerduty
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
url:
description: url defines the URL to send requests to.
+ pattern: ^https?://.+$
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
pushoverConfigs:
description: pushoverConfigs defines the list of Pushover configurations.
items:
@@ -4572,6 +4616,7 @@ spec:
description: |-
device defines the name of a specific device to send the notification to.
If not specified, the notification is sent to all user's devices.
+ minLength: 1
type: string
expire:
description: |-
@@ -4583,6 +4628,7 @@ spec:
description: |-
html defines whether notification message is HTML or plain text.
When true, the message can include HTML formatting tags.
+ html and monospace formatting are mutually exclusive.
type: boolean
httpConfig:
description: httpConfig defines the HTTP client configuration
@@ -5294,6 +5340,7 @@ spec:
description: |-
message defines the notification message content.
This is the main body text of the Pushover notification.
+ minLength: 1
type: string
monospace:
description: |-
@@ -5304,6 +5351,7 @@ spec:
description: |-
priority defines the notification priority level.
See https://pushover.net/api#priority for valid values and behavior.
+ minLength: 1
type: string
retry:
description: |-
@@ -5319,11 +5367,13 @@ spec:
description: |-
sound defines the name of one of the sounds supported by device clients.
This overrides the user's default sound choice for this notification.
+ minLength: 1
type: string
title:
description: |-
title defines the notification title displayed in the Pushover message.
This appears as the bold header text in the notification.
+ minLength: 1
type: string
token:
description: |-
@@ -5360,6 +5410,7 @@ spec:
See https://pushover.net/apps for application registration.
Either `token` or `tokenFile` is required.
It requires Alertmanager >= v0.26.0.
+ minLength: 1
type: string
ttl:
description: |-
@@ -5371,11 +5422,13 @@ spec:
description: |-
url defines a supplementary URL shown alongside the message.
This creates a clickable link within the Pushover notification.
+ pattern: ^https?://.+$
type: string
urlTitle:
description: |-
urlTitle defines a title for the supplementary URL.
If not specified, the raw URL is shown instead.
+ minLength: 1
type: string
userKey:
description: |-
@@ -5410,9 +5463,11 @@ spec:
userKeyFile defines the user key file that contains the recipient user's user key.
Either `userKey` or `userKeyFile` is required.
It requires Alertmanager >= v0.26.0.
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
rocketchatConfigs:
description: |-
rocketchatConfigs defines the list of RocketChat configurations.
@@ -5451,6 +5506,7 @@ spec:
type: object
minItems: 1
type: array
+ x-kubernetes-list-type: atomic
apiURL:
description: |-
apiURL defines the API URL for RocketChat.
@@ -5503,6 +5559,7 @@ spec:
type: object
minItems: 1
type: array
+ x-kubernetes-list-type: atomic
httpConfig:
description: httpConfig defines the HTTP client configuration
for RocketChat API requests.
@@ -6316,6 +6373,7 @@ spec:
- tokenID
type: object
type: array
+ x-kubernetes-list-type: atomic
slackConfigs:
description: slackConfigs defines the list of Slack configurations.
items:
@@ -6342,11 +6400,13 @@ spec:
description: |-
dismissText defines the label for the cancel button in the dialog.
When not specified, defaults to "Cancel". This button cancels the action.
+ minLength: 1
type: string
okText:
description: |-
okText defines the label for the confirmation button in the dialog.
When not specified, defaults to "Okay". This button proceeds with the action.
+ minLength: 1
type: string
text:
description: |-
@@ -6358,6 +6418,7 @@ spec:
description: |-
title defines the title text displayed at the top of the confirmation dialog.
When not specified, a default title will be used.
+ minLength: 1
type: string
required:
- text
@@ -6366,11 +6427,13 @@ spec:
description: |-
name defines a unique identifier for the action within the message.
This value is sent back to your application when the action is triggered.
+ minLength: 1
type: string
style:
description: |-
style defines the visual appearance of the action element.
Valid values include "default", "primary" (green), and "danger" (red).
+ minLength: 1
type: string
text:
description: |-
@@ -6388,17 +6451,21 @@ spec:
description: |-
url defines the URL to open when the action is triggered.
Only applicable for button-type actions. When set, clicking the button opens this URL.
+ pattern: ^https?://.+$
type: string
value:
description: |-
value defines the payload sent when the action is triggered.
This data is included in the callback sent to your application.
+ minLength: 1
type: string
required:
- text
- type
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
apiURL:
description: |-
apiURL defines the secret's key that contains the Slack webhook URL.
@@ -6429,19 +6496,23 @@ spec:
callbackId:
description: callbackId defines an identifier for the
message used in interactive components.
+ minLength: 1
type: string
channel:
description: channel defines the channel or user to send
notifications to.
+ minLength: 1
type: string
color:
description: |-
color defines the color of the left border of the Slack message attachment.
Can be a hex color code (e.g., "#ff0000") or a predefined color name.
+ minLength: 1
type: string
fallback:
description: fallback defines a plain-text summary of
the attachment for clients that don't support attachments.
+ minLength: 1
type: string
fields:
description: fields defines a list of Slack fields that
@@ -6475,10 +6546,13 @@ spec:
- title
- value
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
footer:
description: footer defines small text displayed at the
bottom of the message attachment.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -7188,14 +7262,17 @@ spec:
iconEmoji:
description: iconEmoji defines the emoji to use as the
bot's avatar (e.g., ":ghost:").
+ minLength: 1
type: string
iconURL:
description: iconURL defines the URL to an image to use
as the bot's avatar.
+ pattern: ^https?://.+$
type: string
imageURL:
description: imageURL defines the URL to an image file
that will be displayed inside the message attachment.
+ pattern: ^https?://.+$
type: string
linkNames:
description: |-
@@ -7207,11 +7284,15 @@ spec:
mrkdwnIn defines which fields should be parsed as Slack markdown.
Valid values include "pretext", "text", and "fields".
items:
+ minLength: 1
type: string
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
pretext:
description: pretext defines optional text that appears
above the message attachment block.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -7225,25 +7306,38 @@ spec:
text:
description: text defines the main text content of the
Slack message attachment.
+ minLength: 1
type: string
thumbURL:
description: |-
thumbURL defines the URL to an image file that will be displayed as a thumbnail
on the right side of the message attachment.
+ pattern: ^https?://.+$
+ type: string
+ timeout:
+ description: |-
+ timeout defines the maximum time to wait for a webhook request to complete,
+ before failing the request and allowing it to be retried.
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
title:
description: title defines the title text displayed in
the Slack message attachment.
+ minLength: 1
type: string
titleLink:
description: titleLink defines the URL that the title
will link to when clicked.
+ pattern: ^https?://.+$
type: string
username:
description: username defines the slack bot user name.
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
snsConfigs:
description: snsConfigs defines the list of SNS configurations
items:
@@ -8075,6 +8169,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
telegramConfigs:
description: telegramConfigs defines the list of Telegram configurations.
items:
@@ -8086,6 +8181,7 @@ spec:
description: |-
apiURL defines the Telegram API URL, e.g. https://api.telegram.org.
If not specified, the default Telegram API URL will be used.
+ pattern: ^https?://.+$
type: string
botToken:
description: |-
@@ -8869,6 +8965,7 @@ spec:
- chatID
type: object
type: array
+ x-kubernetes-list-type: atomic
victoropsConfigs:
description: victoropsConfigs defines the list of VictorOps
configurations.
@@ -8908,6 +9005,7 @@ spec:
description: |-
apiUrl defines the VictorOps API URL.
When not specified, defaults to the standard VictorOps API endpoint.
+ pattern: ^https?://.+$
type: string
customFields:
description: |-
@@ -8932,10 +9030,12 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
entityDisplayName:
description: |-
entityDisplayName contains a summary of the alerted problem.
This appears as the main title or identifier for the incident.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client's configuration
@@ -9647,16 +9747,19 @@ spec:
description: |-
messageType describes the behavior of the alert.
Valid values are "CRITICAL", "WARNING", and "INFO".
+ minLength: 1
type: string
monitoringTool:
description: |-
monitoringTool defines the monitoring tool the state message is from.
This helps identify the source system that generated the alert.
+ minLength: 1
type: string
routingKey:
description: |-
routingKey defines a key used to map the alert to a team.
This determines which VictorOps team will receive the alert notification.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -9666,9 +9769,13 @@ spec:
description: |-
stateMessage contains a long explanation of the alerted problem.
This provides detailed context about the incident.
+ minLength: 1
type: string
+ required:
+ - routingKey
type: object
type: array
+ x-kubernetes-list-type: atomic
webexConfigs:
description: webexConfigs defines the list of Webex configurations.
items:
@@ -10402,6 +10509,7 @@ spec:
- roomID
type: object
type: array
+ x-kubernetes-list-type: atomic
webhookConfigs:
description: webhookConfigs defines the List of webhook configurations.
items:
@@ -11137,6 +11245,7 @@ spec:
description: |-
url defines the URL to send HTTP POST requests to.
urlSecret takes precedence over url. One of urlSecret and url should be defined.
+ pattern: ^https?://.+$
type: string
urlSecret:
description: |-
@@ -11168,6 +11277,7 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
wechatConfigs:
description: wechatConfigs defines the list of WeChat configurations.
items:
@@ -11211,6 +11321,7 @@ spec:
description: |-
apiURL defines the WeChat API URL.
When not specified, defaults to the standard WeChat Work API endpoint.
+ pattern: ^https?://.+$
type: string
corpID:
description: |-
@@ -11954,10 +12065,14 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
required:
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
route:
description: |-
route defines the Alertmanager route definition for alerts matching the resource's
@@ -11970,6 +12085,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: set
continue:
description: |-
continue defines the boolean indicating whether an alert should continue matching subsequent
@@ -11984,6 +12100,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: set
groupInterval:
description: |-
groupInterval defines how long to wait before sending an updated notification.
@@ -12036,12 +12153,14 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
muteTimeIntervals:
description: muteTimeIntervals is a list of MuteTimeInterval names
that will mute this route when matched,
items:
type: string
type: array
+ x-kubernetes-list-type: set
receiver:
description: |-
receiver defines the name of the receiver for this route. If not empty, it should be listed in
@@ -12058,13 +12177,119 @@ spec:
items:
x-kubernetes-preserve-unknown-fields: true
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
+ status:
+ description: |-
+ status defines the status subresource. It is under active development and is updated only when the
+ "StatusForConfigurationResources" feature gate is enabled.
+
+ Most recent observed status of the ServiceMonitor. Read-only.
+ More info:
+ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bindings:
+ description: bindings defines the list of workload resources (Prometheus,
+ PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration
+ resource.
+ items:
+ description: WorkloadBinding is a link between a configuration resource
+ and a workload resource.
+ properties:
+ conditions:
+ description: conditions defines the current state of the configuration
+ resource when bound to the referenced Workload object.
+ items:
+ description: ConfigResourceCondition describes the status
+ of configuration resources linked to Prometheus, PrometheusAgent,
+ Alertmanager or ThanosRuler.
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime defines the time of the
+ last update to the current status property.
+ format: date-time
+ type: string
+ message:
+ description: message defines the human-readable message
+ indicating details for the condition's last transition.
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration defines the .metadata.generation that the
+ condition was set based upon. For instance, if `.metadata.generation` is
+ currently 12, but the `.status.conditions[].observedGeneration` is 9, the
+ condition is out of date with respect to the current state of the object.
+ format: int64
+ type: integer
+ reason:
+ description: reason for the condition's last transition.
+ type: string
+ status:
+ description: status of the condition.
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ type of the condition being reported.
+ Currently, only "Accepted" is supported.
+ enum:
+ - Accepted
+ minLength: 1
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ group:
+ description: group defines the group of the referenced resource.
+ enum:
+ - monitoring.coreos.com
+ type: string
+ name:
+ description: name defines the name of the referenced object.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace defines the namespace of the referenced
+ object.
+ minLength: 1
+ type: string
+ resource:
+ description: resource defines the type of resource being referenced
+ (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager).
+ enum:
+ - prometheuses
+ - prometheusagents
+ - thanosrulers
+ - alertmanagers
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - name
+ - namespace
+ x-kubernetes-list-type: map
+ type: object
required:
- spec
type: object
served: true
storage: true
+ subresources:
+ status: {}
- name: v1beta1
schema:
openAPIV3Schema:
@@ -14789,6 +15014,7 @@ spec:
description: |-
apiURL defines the URL to send OpsGenie API requests to.
When not specified, defaults to the standard OpsGenie API endpoint.
+ pattern: ^https?://.+$
type: string
description:
description: |-
@@ -15604,20 +15830,25 @@ spec:
properties:
class:
description: class defines the class/type of the event.
+ minLength: 1
type: string
client:
description: client defines the client identification.
+ minLength: 1
type: string
clientURL:
description: clientURL defines the backlink to the sender
of notification.
+ pattern: ^https?://.+$
type: string
component:
description: component defines the part or component of
the affected system that is broken.
+ minLength: 1
type: string
description:
description: description of the incident.
+ minLength: 1
type: string
details:
description: details defines the arbitrary key/value pairs
@@ -15641,8 +15872,10 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
group:
description: group defines a cluster or grouping of sources.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -16353,17 +16586,21 @@ spec:
alt:
description: alt is the optional alternative text
for the image.
+ minLength: 1
type: string
href:
description: href defines the optional URL; makes
the image a clickable link.
+ pattern: ^https?://.+$
type: string
src:
description: src of the image being attached to
the incident
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
pagerDutyLinkConfigs:
description: pagerDutyLinkConfigs defines a list of link
details to attach that provide further detail about
@@ -16376,13 +16613,16 @@ spec:
description: alt defines the text that describes
the purpose of the link, and can be used as the
link's text.
+ minLength: 1
type: string
href:
description: href defines the URL of the link to
be attached
+ pattern: ^https?://.+$
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
routingKey:
description: |-
routingKey defines the secret's key that contains the PagerDuty integration key (when using
@@ -16432,13 +16672,22 @@ spec:
type: object
severity:
description: severity of the incident.
+ minLength: 1
type: string
source:
description: source defines the unique location of the
affected system.
+ minLength: 1
+ type: string
+ timeout:
+ description: |-
+ timeout is the maximum time allowed to invoke the pagerduty
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
url:
description: url defines the URL to send requests to.
+ pattern: ^https?://.+$
type: string
type: object
type: array
@@ -16453,6 +16702,7 @@ spec:
description: |-
device defines the name of a specific device to send the notification to.
If not specified, the notification is sent to all user's devices.
+ minLength: 1
type: string
expire:
description: |-
@@ -16464,6 +16714,7 @@ spec:
description: |-
html defines whether notification message is HTML or plain text.
When true, the message can include HTML formatting tags.
+ html and monospace formatting are mutually exclusive.
type: boolean
httpConfig:
description: httpConfig defines the HTTP client configuration
@@ -17168,6 +17419,7 @@ spec:
description: |-
message defines the notification message content.
This is the main body text of the Pushover notification.
+ minLength: 1
type: string
monospace:
description: |-
@@ -17178,6 +17430,7 @@ spec:
description: |-
priority defines the notification priority level.
See https://pushover.net/api#priority for valid values and behavior.
+ minLength: 1
type: string
retry:
description: |-
@@ -17193,11 +17446,13 @@ spec:
description: |-
sound defines the name of one of the sounds supported by device clients.
This overrides the user's default sound choice for this notification.
+ minLength: 1
type: string
title:
description: |-
title defines the notification title displayed in the Pushover message.
This appears as the bold header text in the notification.
+ minLength: 1
type: string
token:
description: |-
@@ -17238,11 +17493,13 @@ spec:
description: |-
url defines a supplementary URL shown alongside the message.
This creates a clickable link within the Pushover notification.
+ pattern: ^https?://.+$
type: string
urlTitle:
description: |-
urlTitle defines a title for the supplementary URL.
If not specified, the raw URL is shown instead.
+ minLength: 1
type: string
userKey:
description: |-
@@ -18195,11 +18452,13 @@ spec:
description: |-
dismissText defines the label for the cancel button in the dialog.
When not specified, defaults to "Cancel". This button cancels the action.
+ minLength: 1
type: string
okText:
description: |-
okText defines the label for the confirmation button in the dialog.
When not specified, defaults to "Okay". This button proceeds with the action.
+ minLength: 1
type: string
text:
description: |-
@@ -18211,6 +18470,7 @@ spec:
description: |-
title defines the title text displayed at the top of the confirmation dialog.
When not specified, a default title will be used.
+ minLength: 1
type: string
required:
- text
@@ -18219,11 +18479,13 @@ spec:
description: |-
name defines a unique identifier for the action within the message.
This value is sent back to your application when the action is triggered.
+ minLength: 1
type: string
style:
description: |-
style defines the visual appearance of the action element.
Valid values include "default", "primary" (green), and "danger" (red).
+ minLength: 1
type: string
text:
description: |-
@@ -18241,17 +18503,21 @@ spec:
description: |-
url defines the URL to open when the action is triggered.
Only applicable for button-type actions. When set, clicking the button opens this URL.
+ pattern: ^https?://.+$
type: string
value:
description: |-
value defines the payload sent when the action is triggered.
This data is included in the callback sent to your application.
+ minLength: 1
type: string
required:
- text
- type
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
apiURL:
description: |-
apiURL defines the secret's key that contains the Slack webhook URL.
@@ -18275,19 +18541,23 @@ spec:
callbackId:
description: callbackId defines an identifier for the
message used in interactive components.
+ minLength: 1
type: string
channel:
description: channel defines the channel or user to send
notifications to.
+ minLength: 1
type: string
color:
description: |-
color defines the color of the left border of the Slack message attachment.
Can be a hex color code (e.g., "#ff0000") or a predefined color name.
+ minLength: 1
type: string
fallback:
description: fallback defines a plain-text summary of
the attachment for clients that don't support attachments.
+ minLength: 1
type: string
fields:
description: fields defines a list of Slack fields that
@@ -18321,10 +18591,13 @@ spec:
- title
- value
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
footer:
description: footer defines small text displayed at the
bottom of the message attachment.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -19027,14 +19300,17 @@ spec:
iconEmoji:
description: iconEmoji defines the emoji to use as the
bot's avatar (e.g., ":ghost:").
+ minLength: 1
type: string
iconURL:
description: iconURL defines the URL to an image to use
as the bot's avatar.
+ pattern: ^https?://.+$
type: string
imageURL:
description: imageURL defines the URL to an image file
that will be displayed inside the message attachment.
+ pattern: ^https?://.+$
type: string
linkNames:
description: |-
@@ -19046,11 +19322,15 @@ spec:
mrkdwnIn defines which fields should be parsed as Slack markdown.
Valid values include "pretext", "text", and "fields".
items:
+ minLength: 1
type: string
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
pretext:
description: pretext defines optional text that appears
above the message attachment block.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -19064,22 +19344,34 @@ spec:
text:
description: text defines the main text content of the
Slack message attachment.
+ minLength: 1
type: string
thumbURL:
description: |-
thumbURL defines the URL to an image file that will be displayed as a thumbnail
on the right side of the message attachment.
+ pattern: ^https?://.+$
+ type: string
+ timeout:
+ description: |-
+ timeout defines the maximum time to wait for a webhook request to complete,
+ before failing the request and allowing it to be retried.
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
title:
description: title defines the title text displayed in
the Slack message attachment.
+ minLength: 1
type: string
titleLink:
description: titleLink defines the URL that the title
will link to when clicked.
+ pattern: ^https?://.+$
type: string
username:
description: username defines the slack bot user name.
+ minLength: 1
type: string
type: object
type: array
@@ -19918,6 +20210,7 @@ spec:
description: |-
apiURL defines the Telegram API URL, e.g. https://api.telegram.org.
If not specified, the default Telegram API URL will be used.
+ pattern: ^https?://.+$
type: string
botToken:
description: |-
@@ -20719,6 +21012,7 @@ spec:
description: |-
apiUrl defines the VictorOps API URL.
When not specified, defaults to the standard VictorOps API endpoint.
+ pattern: ^https?://.+$
type: string
customFields:
description: |-
@@ -20743,10 +21037,12 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
entityDisplayName:
description: |-
entityDisplayName contains a summary of the alerted problem.
This appears as the main title or identifier for the incident.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client's configuration
@@ -21451,16 +21747,19 @@ spec:
description: |-
messageType describes the behavior of the alert.
Valid values are "CRITICAL", "WARNING", and "INFO".
+ minLength: 1
type: string
monitoringTool:
description: |-
monitoringTool defines the monitoring tool the state message is from.
This helps identify the source system that generated the alert.
+ minLength: 1
type: string
routingKey:
description: |-
routingKey defines a key used to map the alert to a team.
This determines which VictorOps team will receive the alert notification.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -21470,7 +21769,10 @@ spec:
description: |-
stateMessage contains a long explanation of the alerted problem.
This provides detailed context about the incident.
+ minLength: 1
type: string
+ required:
+ - routingKey
type: object
type: array
webexConfigs:
@@ -22929,6 +23231,7 @@ spec:
description: |-
url defines the URL to send HTTP POST requests to.
urlSecret takes precedence over url. One of urlSecret and url should be defined.
+ pattern: ^https?://.+$
type: string
urlSecret:
description: |-
@@ -22989,6 +23292,7 @@ spec:
description: |-
apiURL defines the WeChat API URL.
When not specified, defaults to the standard WeChat Work API endpoint.
+ pattern: ^https?://.+$
type: string
corpID:
description: |-
@@ -23908,8 +24212,113 @@ spec:
type: object
type: array
type: object
+ status:
+ description: |-
+ status defines the status subresource. It is under active development and is updated only when the
+ "StatusForConfigurationResources" feature gate is enabled.
+
+ Most recent observed status of the ServiceMonitor. Read-only.
+ More info:
+ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bindings:
+ description: bindings defines the list of workload resources (Prometheus,
+ PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration
+ resource.
+ items:
+ description: WorkloadBinding is a link between a configuration resource
+ and a workload resource.
+ properties:
+ conditions:
+ description: conditions defines the current state of the configuration
+ resource when bound to the referenced Workload object.
+ items:
+ description: ConfigResourceCondition describes the status
+ of configuration resources linked to Prometheus, PrometheusAgent,
+ Alertmanager or ThanosRuler.
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime defines the time of the
+ last update to the current status property.
+ format: date-time
+ type: string
+ message:
+ description: message defines the human-readable message
+ indicating details for the condition's last transition.
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration defines the .metadata.generation that the
+ condition was set based upon. For instance, if `.metadata.generation` is
+ currently 12, but the `.status.conditions[].observedGeneration` is 9, the
+ condition is out of date with respect to the current state of the object.
+ format: int64
+ type: integer
+ reason:
+ description: reason for the condition's last transition.
+ type: string
+ status:
+ description: status of the condition.
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ type of the condition being reported.
+ Currently, only "Accepted" is supported.
+ enum:
+ - Accepted
+ minLength: 1
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ group:
+ description: group defines the group of the referenced resource.
+ enum:
+ - monitoring.coreos.com
+ type: string
+ name:
+ description: name defines the name of the referenced object.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace defines the namespace of the referenced
+ object.
+ minLength: 1
+ type: string
+ resource:
+ description: resource defines the type of resource being referenced
+ (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager).
+ enum:
+ - prometheuses
+ - prometheusagents
+ - thanosrulers
+ - alertmanagers
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - name
+ - namespace
+ x-kubernetes-list-type: map
+ type: object
required:
- spec
type: object
served: true
storage: false
+ subresources:
+ status: {}
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml
index e57360088a4..9aaa86c0575 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml
@@ -2318,7 +2318,7 @@ spec:
type: string
type: object
webex:
- description: webex defines the default configuration for Jira.
+ description: webex defines the default configuration for Webex.
properties:
apiURL:
description: |-
@@ -6140,10 +6140,18 @@ spec:
type: string
minReadySeconds:
description: |-
- minReadySeconds defines the minimum number of seconds for which a newly created pod should be ready
- without any of its container crashing for it to be considered available.
+ minReadySeconds defines the minimum number of seconds for which a newly
+ created pod should be ready without any of its container crashing for it
+ to be considered available.
If unset, pods will be considered available as soon as they are ready.
+
+ When the Alertmanager version is greater than or equal to v0.30.0, the
+ duration is also used to delay the first flush of the aggregation
+ groups. This delay helps ensuring that all alerts have been resent by
+ the Prometheus instances to Alertmanager after a roll-out. It is
+ possible to override this behavior passing a custom value via
+ `.spec.additionalArgs`.
format: int32
minimum: 0
type: integer
@@ -6181,6 +6189,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Alertmanager pods.
@@ -7520,6 +7543,48 @@ spec:
- whenUnsatisfiable
type: object
type: array
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: version the cluster should be on.
type: string
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml
index 74314849094..f2fd4a55ee3 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_podmonitors.yaml
@@ -1186,6 +1186,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml
index 86ad94b44a6..d4deb2623a1 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_probes.yaml
@@ -52,7 +52,11 @@ spec:
for target discovery by Prometheus.
properties:
authorization:
- description: authorization section for this endpoint
+ description: |-
+ authorization configures the Authorization header credentials used by
+ the client.
+
+ Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.
properties:
credentials:
description: credentials defines a key of a Secret in the namespace
@@ -90,8 +94,10 @@ spec:
type: object
basicAuth:
description: |-
- basicAuth allow an endpoint to authenticate over basic authentication.
- More info: https://prometheus.io/docs/operating/configuration/#endpoint
+ basicAuth defines the Basic Authentication credentials used by the
+ client.
+
+ Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.
properties:
password:
description: |-
@@ -148,9 +154,14 @@ spec:
type: object
bearerTokenSecret:
description: |-
- bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret
- needs to be in the same namespace as the probe and accessible by
- the Prometheus Operator.
+ bearerTokenSecret defines a key of a Secret containing the bearer token
+ used by the client for authentication. The secret needs to be in the
+ same namespace as the custom resource and readable by the Prometheus
+ Operator.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.
+
+ Deprecated: use `authorization` instead.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -177,6 +188,9 @@ spec:
convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets.
It requires Prometheus >= v3.0.0.
type: boolean
+ enableHttp2:
+ description: enableHttp2 can be used to disable HTTP2.
+ type: boolean
fallbackScrapeProtocol:
description: |-
fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
@@ -189,6 +203,11 @@ spec:
- PrometheusText0.0.4
- PrometheusText1.0.0
type: string
+ followRedirects:
+ description: |-
+ followRedirects defines whether the client should follow HTTP 3xx
+ redirects.
+ type: boolean
interval:
description: |-
interval at which targets are probed using the configured prober.
@@ -336,8 +355,12 @@ spec:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
oauth2:
- description: oauth2 for the URL. Only valid in Prometheus versions
- 2.27.0 and newer.
+ description: |-
+ oauth2 defines the OAuth2 settings used by the client.
+
+ It requires Prometheus >= 2.27.0.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.
properties:
clientId:
description: |-
@@ -791,6 +814,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -1107,8 +1135,7 @@ spec:
type: object
type: object
tlsConfig:
- description: tlsConfig defines the TLS configuration to use when scraping
- the endpoint.
+ description: tlsConfig defines the TLS configuration used by the client.
properties:
ca:
description: ca defines the Certificate authority used when verifying
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml
index b7b5420c889..a85c29d69bc 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml
@@ -5135,6 +5135,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Prometheus pods.
@@ -5493,7 +5508,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -5506,7 +5521,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -5554,11 +5569,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -5569,6 +5590,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -7264,6 +7306,11 @@ spec:
Default: "30s"
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -8665,16 +8712,19 @@ spec:
properties:
clientType:
description: clientType defines the client used to export the
- traces. Supported values are `http` or `grpc`.
+ traces. Supported values are `HTTP` and `GRPC`.
enum:
- http
- grpc
+ - HTTP
+ - GRPC
type: string
compression:
description: compression key for supported compression types.
- The only supported value is `gzip`.
+ The only supported value is `Gzip`.
enum:
- gzip
+ - Gzip
type: string
endpoint:
description: endpoint to send the traces to. Should be provided
@@ -8906,6 +8956,48 @@ spec:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
type: object
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: |-
version of Prometheus being deployed. The operator uses this information
@@ -11176,6 +11268,17 @@ spec:
rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigSelector))'
- message: probeSelector cannot be set when mode is DaemonSet
rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeSelector))'
+ - message: scrapeConfigNamespaceSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigNamespaceSelector))'
+ - message: probeNamespaceSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeNamespaceSelector))'
+ - message: serviceMonitorSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorSelector))'
+ - message: serviceMonitorNamespaceSelector cannot be set when mode is
+ DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorNamespaceSelector))'
+ - message: additionalScrapeConfigs cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.additionalScrapeConfigs))'
status:
description: |-
status defines the most recent observed status of the Prometheus cluster. Read-only.
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml
index 36782dadceb..8f8a77622da 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml
@@ -5919,6 +5919,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Prometheus pods.
@@ -7083,7 +7098,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -7096,7 +7111,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -7144,11 +7159,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -7159,6 +7180,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -8999,6 +9041,11 @@ spec:
Default: "30s"
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -10962,16 +11009,19 @@ spec:
properties:
clientType:
description: clientType defines the client used to export the
- traces. Supported values are `http` or `grpc`.
+ traces. Supported values are `HTTP` and `GRPC`.
enum:
- http
- grpc
+ - HTTP
+ - GRPC
type: string
compression:
description: compression key for supported compression types.
- The only supported value is `gzip`.
+ The only supported value is `Gzip`.
enum:
- gzip
+ - Gzip
type: string
endpoint:
description: endpoint to send the traces to. Should be provided
@@ -11203,6 +11253,48 @@ spec:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
type: object
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: |-
version of Prometheus being deployed. The operator uses this information
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml
index b5a4e9dda9a..768553cfcd5 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_scrapeconfigs.yaml
@@ -12536,6 +12536,11 @@ spec:
scrapes.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml
index 81ddef4af18..666860894dd 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_servicemonitors.yaml
@@ -94,10 +94,10 @@ spec:
properties:
authorization:
description: |-
- authorization configures the Authorization header credentials to use when
- scraping the target.
+ authorization configures the Authorization header credentials used by
+ the client.
- Cannot be set at the same time as `basicAuth`, or `oauth2`.
+ Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.
properties:
credentials:
description: credentials defines a key of a Secret in the
@@ -135,10 +135,10 @@ spec:
type: object
basicAuth:
description: |-
- basicAuth defines the Basic Authentication credentials to use when
- scraping the target.
+ basicAuth defines the Basic Authentication credentials used by the
+ client.
- Cannot be set at the same time as `authorization`, or `oauth2`.
+ Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.
properties:
password:
description: |-
@@ -201,9 +201,12 @@ spec:
type: string
bearerTokenSecret:
description: |-
- bearerTokenSecret defines a key of a Secret containing the bearer
- token for scraping targets. The secret needs to be in the same namespace
- as the ServiceMonitor object and readable by the Prometheus Operator.
+ bearerTokenSecret defines a key of a Secret containing the bearer token
+ used by the client for authentication. The secret needs to be in the
+ same namespace as the custom resource and readable by the Prometheus
+ Operator.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.
Deprecated: use `authorization` instead.
properties:
@@ -229,8 +232,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
enableHttp2:
- description: enableHttp2 can be used to disable HTTP2 when scraping
- the target.
+ description: enableHttp2 can be used to disable HTTP2.
type: boolean
filterRunning:
description: |-
@@ -243,8 +245,8 @@ spec:
type: boolean
followRedirects:
description: |-
- followRedirects defines whether the scrape requests should follow HTTP
- 3xx redirects.
+ followRedirects defines whether the client should follow HTTP 3xx
+ redirects.
type: boolean
honorLabels:
description: |-
@@ -362,11 +364,11 @@ spec:
type: string
oauth2:
description: |-
- oauth2 defines the OAuth2 settings to use when scraping the target.
+ oauth2 defines the OAuth2 settings used by the client.
It requires Prometheus >= 2.27.0.
- Cannot be set at the same time as `authorization`, or `basicAuth`.
+ Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.
properties:
clientId:
description: |-
@@ -878,8 +880,8 @@ spec:
Service. The port must be specified with the container's port property.
x-kubernetes-int-or-string: true
tlsConfig:
- description: tlsConfig defines the TLS configuration to use
- when scraping the target.
+ description: tlsConfig defines TLS configuration used by the
+ client.
properties:
ca:
description: ca defines the Certificate authority used when
@@ -1179,6 +1181,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml
index cc3a4b196a7..5dafe29fb0b 100644
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml
@@ -4643,6 +4643,21 @@ spec:
paused defines when a ThanosRuler deployment is paused, no actions except for deletion
will be performed on the underlying objects.
type: boolean
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the ThanosRuler pods.
@@ -4836,7 +4851,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -4849,7 +4864,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -4897,11 +4912,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -4912,6 +4933,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -7318,6 +7360,48 @@ spec:
This field takes precedence over `tracingConfig`.
type: string
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: version of Thanos to be deployed.
type: string
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
index ae40977b30d..ccb35e23f10 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: alertmanagerconfigs.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -63,6 +63,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: atomic
sourceMatch:
description: |-
sourceMatch defines matchers for which one or more alerts have to exist for the inhibition
@@ -102,6 +103,7 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
targetMatch:
description: |-
targetMatch defines matchers that have to be fulfilled in the alerts to be muted.
@@ -141,8 +143,10 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
muteTimeIntervals:
description: muteTimeIntervals defines the list of MuteTimeInterval
specifying when the routes should be muted.
@@ -176,6 +180,7 @@ spec:
type: integer
type: object
type: array
+ x-kubernetes-list-type: atomic
months:
description: months defines a list of MonthRange
items:
@@ -185,6 +190,7 @@ spec:
pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
times:
description: times defines a list of TimeRange
items:
@@ -203,6 +209,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
weekdays:
description: weekdays defines a list of WeekdayRange
items:
@@ -212,6 +219,7 @@ spec:
pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
years:
description: years defines a list of YearRange
items:
@@ -219,12 +227,15 @@ spec:
pattern: ^2\d{3}(?::2\d{3}|$)
type: string
type: array
+ x-kubernetes-list-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
required:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
receivers:
description: receivers defines the list of receivers.
items:
@@ -1000,6 +1011,7 @@ spec:
- apiURL
type: object
type: array
+ x-kubernetes-list-type: atomic
emailConfigs:
description: emailConfigs defines the list of Email configurations.
items:
@@ -1098,6 +1110,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
hello:
description: |-
hello defines the hostname to identify to the SMTP server.
@@ -1303,6 +1316,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
msteamsConfigs:
description: |-
msteamsConfigs defines the list of MSTeams configurations.
@@ -2068,6 +2082,7 @@ spec:
- webhookUrl
type: object
type: array
+ x-kubernetes-list-type: atomic
msteamsv2Configs:
description: |-
msteamsv2Configs defines the list of MSTeamsV2 configurations.
@@ -2828,6 +2843,7 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
name:
description: name defines the name of the receiver. Must be
unique across all items from the list.
@@ -2876,6 +2892,7 @@ spec:
description: |-
apiURL defines the URL to send OpsGenie API requests to.
When not specified, defaults to the standard OpsGenie API endpoint.
+ pattern: ^https?://.+$
type: string
description:
description: |-
@@ -2905,6 +2922,7 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
entity:
description: |-
entity defines an optional field that can be used to specify which domain alert is related to.
@@ -3672,6 +3690,7 @@ spec:
- type
type: object
type: array
+ x-kubernetes-list-type: atomic
sendResolved:
description: sendResolved defines whether or not to notify
about resolved alerts.
@@ -3693,6 +3712,7 @@ spec:
type: boolean
type: object
type: array
+ x-kubernetes-list-type: atomic
pagerdutyConfigs:
description: pagerdutyConfigs defines the List of PagerDuty
configurations.
@@ -3703,20 +3723,25 @@ spec:
properties:
class:
description: class defines the class/type of the event.
+ minLength: 1
type: string
client:
description: client defines the client identification.
+ minLength: 1
type: string
clientURL:
description: clientURL defines the backlink to the sender
of notification.
+ pattern: ^https?://.+$
type: string
component:
description: component defines the part or component of
the affected system that is broken.
+ minLength: 1
type: string
description:
description: description of the incident.
+ minLength: 1
type: string
details:
description: details defines the arbitrary key/value pairs
@@ -3740,8 +3765,10 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
group:
description: group defines a cluster or grouping of sources.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -4459,17 +4486,21 @@ spec:
alt:
description: alt is the optional alternative text
for the image.
+ minLength: 1
type: string
href:
description: href defines the optional URL; makes
the image a clickable link.
+ pattern: ^https?://.+$
type: string
src:
description: src of the image being attached to
the incident
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
pagerDutyLinkConfigs:
description: pagerDutyLinkConfigs defines a list of link
details to attach that provide further detail about
@@ -4482,13 +4513,16 @@ spec:
description: alt defines the text that describes
the purpose of the link, and can be used as the
link's text.
+ minLength: 1
type: string
href:
description: href defines the URL of the link to
be attached
+ pattern: ^https?://.+$
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
routingKey:
description: |-
routingKey defines the secret's key that contains the PagerDuty integration key (when using
@@ -4552,16 +4586,26 @@ spec:
x-kubernetes-map-type: atomic
severity:
description: severity of the incident.
+ minLength: 1
type: string
source:
description: source defines the unique location of the
affected system.
+ minLength: 1
+ type: string
+ timeout:
+ description: |-
+ timeout is the maximum time allowed to invoke the pagerduty
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
url:
description: url defines the URL to send requests to.
+ pattern: ^https?://.+$
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
pushoverConfigs:
description: pushoverConfigs defines the list of Pushover configurations.
items:
@@ -4573,6 +4617,7 @@ spec:
description: |-
device defines the name of a specific device to send the notification to.
If not specified, the notification is sent to all user's devices.
+ minLength: 1
type: string
expire:
description: |-
@@ -4584,6 +4629,7 @@ spec:
description: |-
html defines whether notification message is HTML or plain text.
When true, the message can include HTML formatting tags.
+ html and monospace formatting are mutually exclusive.
type: boolean
httpConfig:
description: httpConfig defines the HTTP client configuration
@@ -5295,6 +5341,7 @@ spec:
description: |-
message defines the notification message content.
This is the main body text of the Pushover notification.
+ minLength: 1
type: string
monospace:
description: |-
@@ -5305,6 +5352,7 @@ spec:
description: |-
priority defines the notification priority level.
See https://pushover.net/api#priority for valid values and behavior.
+ minLength: 1
type: string
retry:
description: |-
@@ -5320,11 +5368,13 @@ spec:
description: |-
sound defines the name of one of the sounds supported by device clients.
This overrides the user's default sound choice for this notification.
+ minLength: 1
type: string
title:
description: |-
title defines the notification title displayed in the Pushover message.
This appears as the bold header text in the notification.
+ minLength: 1
type: string
token:
description: |-
@@ -5361,6 +5411,7 @@ spec:
See https://pushover.net/apps for application registration.
Either `token` or `tokenFile` is required.
It requires Alertmanager >= v0.26.0.
+ minLength: 1
type: string
ttl:
description: |-
@@ -5372,11 +5423,13 @@ spec:
description: |-
url defines a supplementary URL shown alongside the message.
This creates a clickable link within the Pushover notification.
+ pattern: ^https?://.+$
type: string
urlTitle:
description: |-
urlTitle defines a title for the supplementary URL.
If not specified, the raw URL is shown instead.
+ minLength: 1
type: string
userKey:
description: |-
@@ -5411,9 +5464,11 @@ spec:
userKeyFile defines the user key file that contains the recipient user's user key.
Either `userKey` or `userKeyFile` is required.
It requires Alertmanager >= v0.26.0.
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
rocketchatConfigs:
description: |-
rocketchatConfigs defines the list of RocketChat configurations.
@@ -5452,6 +5507,7 @@ spec:
type: object
minItems: 1
type: array
+ x-kubernetes-list-type: atomic
apiURL:
description: |-
apiURL defines the API URL for RocketChat.
@@ -5504,6 +5560,7 @@ spec:
type: object
minItems: 1
type: array
+ x-kubernetes-list-type: atomic
httpConfig:
description: httpConfig defines the HTTP client configuration
for RocketChat API requests.
@@ -6317,6 +6374,7 @@ spec:
- tokenID
type: object
type: array
+ x-kubernetes-list-type: atomic
slackConfigs:
description: slackConfigs defines the list of Slack configurations.
items:
@@ -6343,11 +6401,13 @@ spec:
description: |-
dismissText defines the label for the cancel button in the dialog.
When not specified, defaults to "Cancel". This button cancels the action.
+ minLength: 1
type: string
okText:
description: |-
okText defines the label for the confirmation button in the dialog.
When not specified, defaults to "Okay". This button proceeds with the action.
+ minLength: 1
type: string
text:
description: |-
@@ -6359,6 +6419,7 @@ spec:
description: |-
title defines the title text displayed at the top of the confirmation dialog.
When not specified, a default title will be used.
+ minLength: 1
type: string
required:
- text
@@ -6367,11 +6428,13 @@ spec:
description: |-
name defines a unique identifier for the action within the message.
This value is sent back to your application when the action is triggered.
+ minLength: 1
type: string
style:
description: |-
style defines the visual appearance of the action element.
Valid values include "default", "primary" (green), and "danger" (red).
+ minLength: 1
type: string
text:
description: |-
@@ -6389,17 +6452,21 @@ spec:
description: |-
url defines the URL to open when the action is triggered.
Only applicable for button-type actions. When set, clicking the button opens this URL.
+ pattern: ^https?://.+$
type: string
value:
description: |-
value defines the payload sent when the action is triggered.
This data is included in the callback sent to your application.
+ minLength: 1
type: string
required:
- text
- type
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
apiURL:
description: |-
apiURL defines the secret's key that contains the Slack webhook URL.
@@ -6430,19 +6497,23 @@ spec:
callbackId:
description: callbackId defines an identifier for the
message used in interactive components.
+ minLength: 1
type: string
channel:
description: channel defines the channel or user to send
notifications to.
+ minLength: 1
type: string
color:
description: |-
color defines the color of the left border of the Slack message attachment.
Can be a hex color code (e.g., "#ff0000") or a predefined color name.
+ minLength: 1
type: string
fallback:
description: fallback defines a plain-text summary of
the attachment for clients that don't support attachments.
+ minLength: 1
type: string
fields:
description: fields defines a list of Slack fields that
@@ -6476,10 +6547,13 @@ spec:
- title
- value
type: object
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
footer:
description: footer defines small text displayed at the
bottom of the message attachment.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client configuration.
@@ -7189,14 +7263,17 @@ spec:
iconEmoji:
description: iconEmoji defines the emoji to use as the
bot's avatar (e.g., ":ghost:").
+ minLength: 1
type: string
iconURL:
description: iconURL defines the URL to an image to use
as the bot's avatar.
+ pattern: ^https?://.+$
type: string
imageURL:
description: imageURL defines the URL to an image file
that will be displayed inside the message attachment.
+ pattern: ^https?://.+$
type: string
linkNames:
description: |-
@@ -7208,11 +7285,15 @@ spec:
mrkdwnIn defines which fields should be parsed as Slack markdown.
Valid values include "pretext", "text", and "fields".
items:
+ minLength: 1
type: string
+ minItems: 1
type: array
+ x-kubernetes-list-type: atomic
pretext:
description: pretext defines optional text that appears
above the message attachment block.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -7226,25 +7307,38 @@ spec:
text:
description: text defines the main text content of the
Slack message attachment.
+ minLength: 1
type: string
thumbURL:
description: |-
thumbURL defines the URL to an image file that will be displayed as a thumbnail
on the right side of the message attachment.
+ pattern: ^https?://.+$
+ type: string
+ timeout:
+ description: |-
+ timeout defines the maximum time to wait for a webhook request to complete,
+ before failing the request and allowing it to be retried.
+ It requires Alertmanager >= v0.30.0.
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
title:
description: title defines the title text displayed in
the Slack message attachment.
+ minLength: 1
type: string
titleLink:
description: titleLink defines the URL that the title
will link to when clicked.
+ pattern: ^https?://.+$
type: string
username:
description: username defines the slack bot user name.
+ minLength: 1
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
snsConfigs:
description: snsConfigs defines the list of SNS configurations
items:
@@ -8076,6 +8170,7 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
telegramConfigs:
description: telegramConfigs defines the list of Telegram configurations.
items:
@@ -8087,6 +8182,7 @@ spec:
description: |-
apiURL defines the Telegram API URL, e.g. https://api.telegram.org.
If not specified, the default Telegram API URL will be used.
+ pattern: ^https?://.+$
type: string
botToken:
description: |-
@@ -8870,6 +8966,7 @@ spec:
- chatID
type: object
type: array
+ x-kubernetes-list-type: atomic
victoropsConfigs:
description: victoropsConfigs defines the list of VictorOps
configurations.
@@ -8909,6 +9006,7 @@ spec:
description: |-
apiUrl defines the VictorOps API URL.
When not specified, defaults to the standard VictorOps API endpoint.
+ pattern: ^https?://.+$
type: string
customFields:
description: |-
@@ -8933,10 +9031,12 @@ spec:
- value
type: object
type: array
+ x-kubernetes-list-type: atomic
entityDisplayName:
description: |-
entityDisplayName contains a summary of the alerted problem.
This appears as the main title or identifier for the incident.
+ minLength: 1
type: string
httpConfig:
description: httpConfig defines the HTTP client's configuration
@@ -9648,16 +9748,19 @@ spec:
description: |-
messageType describes the behavior of the alert.
Valid values are "CRITICAL", "WARNING", and "INFO".
+ minLength: 1
type: string
monitoringTool:
description: |-
monitoringTool defines the monitoring tool the state message is from.
This helps identify the source system that generated the alert.
+ minLength: 1
type: string
routingKey:
description: |-
routingKey defines a key used to map the alert to a team.
This determines which VictorOps team will receive the alert notification.
+ minLength: 1
type: string
sendResolved:
description: sendResolved defines whether or not to notify
@@ -9667,9 +9770,13 @@ spec:
description: |-
stateMessage contains a long explanation of the alerted problem.
This provides detailed context about the incident.
+ minLength: 1
type: string
+ required:
+ - routingKey
type: object
type: array
+ x-kubernetes-list-type: atomic
webexConfigs:
description: webexConfigs defines the list of Webex configurations.
items:
@@ -10403,6 +10510,7 @@ spec:
- roomID
type: object
type: array
+ x-kubernetes-list-type: atomic
webhookConfigs:
description: webhookConfigs defines the List of webhook configurations.
items:
@@ -11138,6 +11246,7 @@ spec:
description: |-
url defines the URL to send HTTP POST requests to.
urlSecret takes precedence over url. One of urlSecret and url should be defined.
+ pattern: ^https?://.+$
type: string
urlSecret:
description: |-
@@ -11169,6 +11278,7 @@ spec:
x-kubernetes-map-type: atomic
type: object
type: array
+ x-kubernetes-list-type: atomic
wechatConfigs:
description: wechatConfigs defines the list of WeChat configurations.
items:
@@ -11212,6 +11322,7 @@ spec:
description: |-
apiURL defines the WeChat API URL.
When not specified, defaults to the standard WeChat Work API endpoint.
+ pattern: ^https?://.+$
type: string
corpID:
description: |-
@@ -11955,10 +12066,14 @@ spec:
type: string
type: object
type: array
+ x-kubernetes-list-type: atomic
required:
- name
type: object
type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
route:
description: |-
route defines the Alertmanager route definition for alerts matching the resource's
@@ -11971,6 +12086,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: set
continue:
description: |-
continue defines the boolean indicating whether an alert should continue matching subsequent
@@ -11985,6 +12101,7 @@ spec:
items:
type: string
type: array
+ x-kubernetes-list-type: set
groupInterval:
description: |-
groupInterval defines how long to wait before sending an updated notification.
@@ -12037,12 +12154,14 @@ spec:
- name
type: object
type: array
+ x-kubernetes-list-type: atomic
muteTimeIntervals:
description: muteTimeIntervals is a list of MuteTimeInterval names
that will mute this route when matched,
items:
type: string
type: array
+ x-kubernetes-list-type: set
receiver:
description: |-
receiver defines the name of the receiver for this route. If not empty, it should be listed in
@@ -12059,10 +12178,116 @@ spec:
items:
x-kubernetes-preserve-unknown-fields: true
type: array
+ x-kubernetes-list-type: atomic
type: object
type: object
+ status:
+ description: |-
+ status defines the status subresource. It is under active development and is updated only when the
+ "StatusForConfigurationResources" feature gate is enabled.
+
+ Most recent observed status of the ServiceMonitor. Read-only.
+ More info:
+ https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ bindings:
+ description: bindings defines the list of workload resources (Prometheus,
+ PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration
+ resource.
+ items:
+ description: WorkloadBinding is a link between a configuration resource
+ and a workload resource.
+ properties:
+ conditions:
+ description: conditions defines the current state of the configuration
+ resource when bound to the referenced Workload object.
+ items:
+ description: ConfigResourceCondition describes the status
+ of configuration resources linked to Prometheus, PrometheusAgent,
+ Alertmanager or ThanosRuler.
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime defines the time of the
+ last update to the current status property.
+ format: date-time
+ type: string
+ message:
+ description: message defines the human-readable message
+ indicating details for the condition's last transition.
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration defines the .metadata.generation that the
+ condition was set based upon. For instance, if `.metadata.generation` is
+ currently 12, but the `.status.conditions[].observedGeneration` is 9, the
+ condition is out of date with respect to the current state of the object.
+ format: int64
+ type: integer
+ reason:
+ description: reason for the condition's last transition.
+ type: string
+ status:
+ description: status of the condition.
+ minLength: 1
+ type: string
+ type:
+ description: |-
+ type of the condition being reported.
+ Currently, only "Accepted" is supported.
+ enum:
+ - Accepted
+ minLength: 1
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ group:
+ description: group defines the group of the referenced resource.
+ enum:
+ - monitoring.coreos.com
+ type: string
+ name:
+ description: name defines the name of the referenced object.
+ minLength: 1
+ type: string
+ namespace:
+ description: namespace defines the namespace of the referenced
+ object.
+ minLength: 1
+ type: string
+ resource:
+ description: resource defines the type of resource being referenced
+ (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager).
+ enum:
+ - prometheuses
+ - prometheusagents
+ - thanosrulers
+ - alertmanagers
+ type: string
+ required:
+ - group
+ - name
+ - namespace
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - resource
+ - name
+ - namespace
+ x-kubernetes-list-type: map
+ type: object
required:
- spec
type: object
served: true
storage: true
+ subresources:
+ status: {}
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
index 799bd7eb203..a6b3a355a97 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: alertmanagers.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -2319,7 +2319,7 @@ spec:
type: string
type: object
webex:
- description: webex defines the default configuration for Jira.
+ description: webex defines the default configuration for Webex.
properties:
apiURL:
description: |-
@@ -6141,10 +6141,18 @@ spec:
type: string
minReadySeconds:
description: |-
- minReadySeconds defines the minimum number of seconds for which a newly created pod should be ready
- without any of its container crashing for it to be considered available.
+ minReadySeconds defines the minimum number of seconds for which a newly
+ created pod should be ready without any of its container crashing for it
+ to be considered available.
If unset, pods will be considered available as soon as they are ready.
+
+ When the Alertmanager version is greater than or equal to v0.30.0, the
+ duration is also used to delay the first flush of the aggregation
+ groups. This delay helps ensuring that all alerts have been resent by
+ the Prometheus instances to Alertmanager after a roll-out. It is
+ possible to override this behavior passing a custom value via
+ `.spec.additionalArgs`.
format: int32
minimum: 0
type: integer
@@ -6182,6 +6190,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Alertmanager pods.
@@ -7521,6 +7544,48 @@ spec:
- whenUnsatisfiable
type: object
type: array
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: version the cluster should be on.
type: string
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
index a046c2d20b2..809cc597f26 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: podmonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -1187,6 +1187,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
index 76cb66536b5..97fee23a0f8 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: probes.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -53,7 +53,11 @@ spec:
for target discovery by Prometheus.
properties:
authorization:
- description: authorization section for this endpoint
+ description: |-
+ authorization configures the Authorization header credentials used by
+ the client.
+
+ Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.
properties:
credentials:
description: credentials defines a key of a Secret in the namespace
@@ -91,8 +95,10 @@ spec:
type: object
basicAuth:
description: |-
- basicAuth allow an endpoint to authenticate over basic authentication.
- More info: https://prometheus.io/docs/operating/configuration/#endpoint
+ basicAuth defines the Basic Authentication credentials used by the
+ client.
+
+ Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.
properties:
password:
description: |-
@@ -149,9 +155,14 @@ spec:
type: object
bearerTokenSecret:
description: |-
- bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret
- needs to be in the same namespace as the probe and accessible by
- the Prometheus Operator.
+ bearerTokenSecret defines a key of a Secret containing the bearer token
+ used by the client for authentication. The secret needs to be in the
+ same namespace as the custom resource and readable by the Prometheus
+ Operator.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.
+
+ Deprecated: use `authorization` instead.
properties:
key:
description: The key of the secret to select from. Must be a
@@ -178,6 +189,9 @@ spec:
convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets.
It requires Prometheus >= v3.0.0.
type: boolean
+ enableHttp2:
+ description: enableHttp2 can be used to disable HTTP2.
+ type: boolean
fallbackScrapeProtocol:
description: |-
fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
@@ -190,6 +204,11 @@ spec:
- PrometheusText0.0.4
- PrometheusText1.0.0
type: string
+ followRedirects:
+ description: |-
+ followRedirects defines whether the client should follow HTTP 3xx
+ redirects.
+ type: boolean
interval:
description: |-
interval at which targets are probed using the configured prober.
@@ -337,8 +356,12 @@ spec:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
oauth2:
- description: oauth2 for the URL. Only valid in Prometheus versions
- 2.27.0 and newer.
+ description: |-
+ oauth2 defines the OAuth2 settings used by the client.
+
+ It requires Prometheus >= 2.27.0.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.
properties:
clientId:
description: |-
@@ -792,6 +815,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -1108,8 +1136,7 @@ spec:
type: object
type: object
tlsConfig:
- description: tlsConfig defines the TLS configuration to use when scraping
- the endpoint.
+ description: tlsConfig defines the TLS configuration used by the client.
properties:
ca:
description: ca defines the Certificate authority used when verifying
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
index 46004468705..822c2b3fd16 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: prometheusagents.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -5136,6 +5136,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Prometheus pods.
@@ -5494,7 +5509,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -5507,7 +5522,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -5555,11 +5570,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -5570,6 +5591,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -7265,6 +7307,11 @@ spec:
Default: "30s"
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -8666,16 +8713,19 @@ spec:
properties:
clientType:
description: clientType defines the client used to export the
- traces. Supported values are `http` or `grpc`.
+ traces. Supported values are `HTTP` and `GRPC`.
enum:
- http
- grpc
+ - HTTP
+ - GRPC
type: string
compression:
description: compression key for supported compression types.
- The only supported value is `gzip`.
+ The only supported value is `Gzip`.
enum:
- gzip
+ - Gzip
type: string
endpoint:
description: endpoint to send the traces to. Should be provided
@@ -8907,6 +8957,48 @@ spec:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
type: object
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: |-
version of Prometheus being deployed. The operator uses this information
@@ -11177,6 +11269,17 @@ spec:
rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigSelector))'
- message: probeSelector cannot be set when mode is DaemonSet
rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeSelector))'
+ - message: scrapeConfigNamespaceSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.scrapeConfigNamespaceSelector))'
+ - message: probeNamespaceSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.probeNamespaceSelector))'
+ - message: serviceMonitorSelector cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorSelector))'
+ - message: serviceMonitorNamespaceSelector cannot be set when mode is
+ DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.serviceMonitorNamespaceSelector))'
+ - message: additionalScrapeConfigs cannot be set when mode is DaemonSet
+ rule: '!(has(self.mode) && self.mode == ''DaemonSet'' && has(self.additionalScrapeConfigs))'
status:
description: |-
status defines the most recent observed status of the Prometheus cluster. Read-only.
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
index aed4db1ad86..c1506098a39 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: prometheuses.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -5920,6 +5920,21 @@ spec:
the replica count to be deleted.
type: string
type: object
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the Prometheus pods.
@@ -7084,7 +7099,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -7097,7 +7112,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -7145,11 +7160,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -7160,6 +7181,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -9000,6 +9042,11 @@ spec:
Default: "30s"
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
@@ -10963,16 +11010,19 @@ spec:
properties:
clientType:
description: clientType defines the client used to export the
- traces. Supported values are `http` or `grpc`.
+ traces. Supported values are `HTTP` and `GRPC`.
enum:
- http
- grpc
+ - HTTP
+ - GRPC
type: string
compression:
description: compression key for supported compression types.
- The only supported value is `gzip`.
+ The only supported value is `Gzip`.
enum:
- gzip
+ - Gzip
type: string
endpoint:
description: endpoint to send the traces to. Should be provided
@@ -11204,6 +11254,48 @@ spec:
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
type: object
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: |-
version of Prometheus being deployed. The operator uses this information
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
index 8b53d6b618f..bc1805a07db 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
index a9c6882cc9f..b509440b150 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: scrapeconfigs.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -12537,6 +12537,11 @@ spec:
scrapes.
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
type: string
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
index 690e99efa68..3ee3b43678e 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: servicemonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -95,10 +95,10 @@ spec:
properties:
authorization:
description: |-
- authorization configures the Authorization header credentials to use when
- scraping the target.
+ authorization configures the Authorization header credentials used by
+ the client.
- Cannot be set at the same time as `basicAuth`, or `oauth2`.
+ Cannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.
properties:
credentials:
description: credentials defines a key of a Secret in the
@@ -136,10 +136,10 @@ spec:
type: object
basicAuth:
description: |-
- basicAuth defines the Basic Authentication credentials to use when
- scraping the target.
+ basicAuth defines the Basic Authentication credentials used by the
+ client.
- Cannot be set at the same time as `authorization`, or `oauth2`.
+ Cannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.
properties:
password:
description: |-
@@ -202,9 +202,12 @@ spec:
type: string
bearerTokenSecret:
description: |-
- bearerTokenSecret defines a key of a Secret containing the bearer
- token for scraping targets. The secret needs to be in the same namespace
- as the ServiceMonitor object and readable by the Prometheus Operator.
+ bearerTokenSecret defines a key of a Secret containing the bearer token
+ used by the client for authentication. The secret needs to be in the
+ same namespace as the custom resource and readable by the Prometheus
+ Operator.
+
+ Cannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.
Deprecated: use `authorization` instead.
properties:
@@ -230,8 +233,7 @@ spec:
type: object
x-kubernetes-map-type: atomic
enableHttp2:
- description: enableHttp2 can be used to disable HTTP2 when scraping
- the target.
+ description: enableHttp2 can be used to disable HTTP2.
type: boolean
filterRunning:
description: |-
@@ -244,8 +246,8 @@ spec:
type: boolean
followRedirects:
description: |-
- followRedirects defines whether the scrape requests should follow HTTP
- 3xx redirects.
+ followRedirects defines whether the client should follow HTTP 3xx
+ redirects.
type: boolean
honorLabels:
description: |-
@@ -363,11 +365,11 @@ spec:
type: string
oauth2:
description: |-
- oauth2 defines the OAuth2 settings to use when scraping the target.
+ oauth2 defines the OAuth2 settings used by the client.
It requires Prometheus >= 2.27.0.
- Cannot be set at the same time as `authorization`, or `basicAuth`.
+ Cannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.
properties:
clientId:
description: |-
@@ -879,8 +881,8 @@ spec:
Service. The port must be specified with the container's port property.
x-kubernetes-int-or-string: true
tlsConfig:
- description: tlsConfig defines the TLS configuration to use
- when scraping the target.
+ description: tlsConfig defines TLS configuration used by the
+ client.
properties:
ca:
description: ca defines the Certificate authority used when
@@ -1180,6 +1182,11 @@ spec:
Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
type: boolean
+ scrapeNativeHistograms:
+ description: |-
+ scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ It requires Prometheus >= v3.8.0.
+ type: boolean
scrapeProtocols:
description: |-
scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the
diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
index 697efae3197..a08410ed0c3 100644
--- a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
- operator.prometheus.io/version: 0.87.1
+ operator.prometheus.io/version: 0.88.0
name: thanosrulers.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@@ -4644,6 +4644,21 @@ spec:
paused defines when a ThanosRuler deployment is paused, no actions except for deletion
will be performed on the underlying objects.
type: boolean
+ podManagementPolicy:
+ description: |-
+ podManagementPolicy defines the policy for creating/deleting pods when
+ scaling up and down.
+
+ Unlike the default StatefulSet behavior, the default policy is
+ `Parallel` to avoid manual intervention in case a pod gets stuck during
+ a rollout.
+
+ Note that updating this value implies the recreation of the StatefulSet
+ which incurs a service outage.
+ enum:
+ - OrderedReady
+ - Parallel
+ type: string
podMetadata:
description: |-
podMetadata defines labels and annotations which are propagated to the ThanosRuler pods.
@@ -4837,7 +4852,7 @@ spec:
managedIdentity:
description: |-
managedIdentity defines the Azure User-assigned Managed identity.
- Cannot be set at the same time as `oauth` or `sdk`.
+ Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
properties:
clientId:
description: |-
@@ -4850,7 +4865,7 @@ spec:
oauth:
description: |-
oauth defines the oauth config that is being used to authenticate.
- Cannot be set at the same time as `managedIdentity` or `sdk`.
+ Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
properties:
@@ -4898,11 +4913,17 @@ spec:
- clientSecret
- tenantId
type: object
+ scope:
+ description: |-
+ scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ pattern: ^[\w\s:/.\\-]+$
+ type: string
sdk:
description: |-
sdk defines the Azure SDK config that is being used to authenticate.
See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- Cannot be set at the same time as `oauth` or `managedIdentity`.
+ Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
properties:
@@ -4913,6 +4934,27 @@ spec:
pattern: ^[0-9a-zA-Z-.]+$
type: string
type: object
+ workloadIdentity:
+ description: |-
+ workloadIdentity defines the Azure Workload Identity authentication.
+ Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+
+ It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ properties:
+ clientId:
+ description: clientId is the clientID of the Azure Active
+ Directory application.
+ minLength: 1
+ type: string
+ tenantId:
+ description: tenantId is the tenant ID of the Azure
+ Active Directory application.
+ minLength: 1
+ type: string
+ required:
+ - clientId
+ - tenantId
+ type: object
type: object
basicAuth:
description: |-
@@ -7319,6 +7361,48 @@ spec:
This field takes precedence over `tracingConfig`.
type: string
+ updateStrategy:
+ description: |-
+ updateStrategy indicates the strategy that will be employed to update
+ Pods in the StatefulSet when a revision is made to statefulset's Pod
+ Template.
+
+ The default strategy is RollingUpdate.
+ properties:
+ rollingUpdate:
+ description: rollingUpdate is used to communicate parameters when
+ type is RollingUpdate.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ maxUnavailable is the maximum number of pods that can be unavailable
+ during the update. The value can be an absolute number (ex: 5) or a
+ percentage of desired pods (ex: 10%). Absolute number is calculated from
+ percentage by rounding up. This can not be 0. Defaults to 1. This field
+ is alpha-level and is only honored by servers that enable the
+ MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ range 0 to Replicas-1. That means if there is any unavailable pod in
+ the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ type indicates the type of the StatefulSetUpdateStrategy.
+
+ Default is RollingUpdate.
+ enum:
+ - OnDelete
+ - RollingUpdate
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: rollingUpdate requires type to be RollingUpdate
+ rule: '!(self.type != ''RollingUpdate'' && has(self.rollingUpdate))'
version:
description: version of Thanos to be deployed.
type: string
diff --git a/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml b/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml
index 99717c34ec4..0b8389f431f 100644
--- a/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml
+++ b/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
diff --git a/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml b/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml
index 5586dda518e..345feaddacd 100644
--- a/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml
+++ b/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
rules:
- apiGroups:
diff --git a/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml b/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml
index a0f81ec79a7..9ea5fb7770d 100644
--- a/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml
+++ b/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
spec:
@@ -20,19 +20,21 @@ spec:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
spec:
automountServiceAccountToken: true
containers:
- args:
- --kubelet-service=kube-system/kubelet
- - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.87.1
+ - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.88.0
+ - --watch-referenced-objects-in-all-namespaces=true
+ - --disable-unmanaged-prometheus-configuration=true
- --kubelet-endpoints=true
- --kubelet-endpointslice=false
env:
- name: GOGC
value: "30"
- image: quay.io/prometheus-operator/prometheus-operator:v0.87.1
+ image: quay.io/prometheus-operator/prometheus-operator:v0.88.0
name: prometheus-operator
ports:
- containerPort: 8080
diff --git a/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml b/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml
index b7d6833cdaa..3ac5aec2307 100644
--- a/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml
+++ b/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml
@@ -5,6 +5,6 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
diff --git a/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml b/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml
index e20590755d6..39082dfdf18 100644
--- a/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml
+++ b/example/rbac/prometheus-operator/prometheus-operator-service-monitor.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
spec:
@@ -15,4 +15,4 @@ spec:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
diff --git a/example/rbac/prometheus-operator/prometheus-operator-service.yaml b/example/rbac/prometheus-operator/prometheus-operator-service.yaml
index eda2bd68125..e309359e8ff 100644
--- a/example/rbac/prometheus-operator/prometheus-operator-service.yaml
+++ b/example/rbac/prometheus-operator/prometheus-operator-service.yaml
@@ -4,7 +4,7 @@ metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator
- app.kubernetes.io/version: 0.87.1
+ app.kubernetes.io/version: 0.88.0
name: prometheus-operator
namespace: default
spec:
diff --git a/go.mod b/go.mod
index cfac560f72a..d9608c3b2b4 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
module github.com/prometheus-operator/prometheus-operator
-go 1.24.0
-
-toolchain go1.24.3
+go 1.25.0
require (
github.com/KimMachineGun/automemlimit v0.7.5
@@ -21,27 +19,27 @@ require (
github.com/mitchellh/hashstructure v1.1.0
github.com/oklog/run v1.2.0
github.com/prometheus-community/prom-label-proxy v0.12.1
- github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.87.1
- github.com/prometheus-operator/prometheus-operator/pkg/client v0.87.1
- github.com/prometheus/alertmanager v0.29.0
+ github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.88.0
+ github.com/prometheus-operator/prometheus-operator/pkg/client v0.88.0
+ github.com/prometheus/alertmanager v0.30.0
github.com/prometheus/client_golang v1.23.2
- github.com/prometheus/common v0.67.3
- github.com/prometheus/exporter-toolkit v0.15.0
+ github.com/prometheus/common v0.67.5
+ github.com/prometheus/exporter-toolkit v0.15.1
// Since we needed the change added in https://github.com/prometheus/prometheus/pull/16928 and it's not released yet.
- github.com/prometheus/prometheus v0.307.3
+ github.com/prometheus/prometheus v0.309.1
github.com/stretchr/testify v1.11.1
- github.com/thanos-io/thanos v0.39.2
+ github.com/thanos-io/thanos v0.40.1
go.uber.org/automaxprocs v1.6.0
- golang.org/x/net v0.47.0
- golang.org/x/sync v0.18.0
- google.golang.org/protobuf v1.36.10
+ golang.org/x/net v0.48.0
+ golang.org/x/sync v0.19.0
+ google.golang.org/protobuf v1.36.11
gopkg.in/yaml.v2 v2.4.0
- k8s.io/api v0.34.2
- k8s.io/apiextensions-apiserver v0.34.2
- k8s.io/apimachinery v0.34.2
- k8s.io/apiserver v0.34.2
- k8s.io/client-go v0.34.2
- k8s.io/component-base v0.34.2
+ k8s.io/api v0.34.3
+ k8s.io/apiextensions-apiserver v0.34.3
+ k8s.io/apimachinery v0.34.3
+ k8s.io/apiserver v0.34.3
+ k8s.io/client-go v0.34.3
+ k8s.io/component-base v0.34.3
k8s.io/klog/v2 v2.130.1
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
sigs.k8s.io/controller-runtime v0.22.4
@@ -49,34 +47,35 @@ require (
)
require (
- github.com/aws/aws-sdk-go-v2 v1.39.2 // indirect
- github.com/aws/aws-sdk-go-v2/config v1.31.12 // indirect
- github.com/aws/aws-sdk-go-v2/credentials v1.18.16 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 // indirect
- github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 // indirect
- github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 // indirect
- github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 // indirect
- github.com/aws/smithy-go v1.23.0 // indirect
+ github.com/aws/aws-sdk-go-v2 v1.41.0 // indirect
+ github.com/aws/aws-sdk-go-v2/config v1.32.6 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.19.6 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect
+ github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 // indirect
+ github.com/aws/smithy-go v1.24.0 // indirect
github.com/coreos/go-systemd/v22 v22.6.0 // indirect
github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb // indirect
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
- github.com/go-openapi/swag v0.25.1 // indirect
- github.com/go-openapi/swag/cmdutils v0.25.1 // indirect
- github.com/go-openapi/swag/conv v0.25.1 // indirect
- github.com/go-openapi/swag/fileutils v0.25.1 // indirect
- github.com/go-openapi/swag/jsonname v0.25.1 // indirect
- github.com/go-openapi/swag/jsonutils v0.25.1 // indirect
- github.com/go-openapi/swag/loading v0.25.1 // indirect
- github.com/go-openapi/swag/mangling v0.25.1 // indirect
- github.com/go-openapi/swag/netutils v0.25.1 // indirect
- github.com/go-openapi/swag/stringutils v0.25.1 // indirect
- github.com/go-openapi/swag/typeutils v0.25.1 // indirect
- github.com/go-openapi/swag/yamlutils v0.25.1 // indirect
+ github.com/go-openapi/swag v0.25.4 // indirect
+ github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
+ github.com/go-openapi/swag/conv v0.25.4 // indirect
+ github.com/go-openapi/swag/fileutils v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+ github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+ github.com/go-openapi/swag/loading v0.25.4 // indirect
+ github.com/go-openapi/swag/mangling v0.25.4 // indirect
+ github.com/go-openapi/swag/netutils v0.25.4 // indirect
+ github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+ github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+ github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
github.com/google/gnostic-models v0.7.0 // indirect
@@ -87,14 +86,12 @@ require (
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
github.com/pkg/errors v0.9.1 // indirect
- github.com/prometheus/sigv4 v0.2.1 // indirect
+ github.com/prometheus/sigv4 v0.3.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
go.yaml.in/yaml/v2 v2.4.3 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect
golang.org/x/exp v0.0.0-20251002181428-27f1f14c8bb9 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20251006185510-65f7160b3a87 // indirect
- google.golang.org/grpc v1.76.0 // indirect
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
sigs.k8s.io/randfill v1.0.0 // indirect
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
@@ -111,15 +108,15 @@ require (
github.com/go-logfmt/logfmt v0.6.1 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
- github.com/go-openapi/analysis v0.24.0 // indirect
- github.com/go-openapi/errors v0.22.3 // indirect
+ github.com/go-openapi/analysis v0.24.1 // indirect
+ github.com/go-openapi/errors v0.22.4 // indirect
github.com/go-openapi/jsonpointer v0.22.1 // indirect
- github.com/go-openapi/jsonreference v0.21.2 // indirect
- github.com/go-openapi/loads v0.23.1 // indirect
- github.com/go-openapi/runtime v0.29.0 // indirect
- github.com/go-openapi/spec v0.22.0 // indirect
- github.com/go-openapi/strfmt v0.24.0 // indirect
- github.com/go-openapi/validate v0.25.0 // indirect
+ github.com/go-openapi/jsonreference v0.21.3 // indirect
+ github.com/go-openapi/loads v0.23.2 // indirect
+ github.com/go-openapi/runtime v0.29.2 // indirect
+ github.com/go-openapi/spec v0.22.1 // indirect
+ github.com/go-openapi/strfmt v0.25.0 // indirect
+ github.com/go-openapi/validate v0.25.1 // indirect
github.com/google/uuid v1.6.0
github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -141,17 +138,17 @@ require (
github.com/spf13/cobra v1.10.1 // indirect
github.com/spf13/pflag v1.0.10 // indirect
github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
- go.mongodb.org/mongo-driver v1.17.4 // indirect
- go.opentelemetry.io/otel v1.38.0 // indirect
- go.opentelemetry.io/otel/metric v1.38.0 // indirect
- go.opentelemetry.io/otel/trace v1.38.0 // indirect
+ go.mongodb.org/mongo-driver v1.17.6 // indirect
+ go.opentelemetry.io/otel v1.39.0 // indirect
+ go.opentelemetry.io/otel/metric v1.39.0 // indirect
+ go.opentelemetry.io/otel/trace v1.39.0 // indirect
go.uber.org/atomic v1.11.0 // indirect
- golang.org/x/crypto v0.44.0 // indirect
- golang.org/x/oauth2 v0.32.0 // indirect
- golang.org/x/sys v0.38.0 // indirect
- golang.org/x/term v0.37.0 // indirect
- golang.org/x/text v0.31.0 // indirect
- golang.org/x/time v0.13.0 // indirect
+ golang.org/x/crypto v0.46.0 // indirect
+ golang.org/x/oauth2 v0.34.0 // indirect
+ golang.org/x/sys v0.39.0 // indirect
+ golang.org/x/term v0.38.0 // indirect
+ golang.org/x/text v0.32.0 // indirect
+ golang.org/x/time v0.14.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
gotest.tools/v3 v3.5.2
diff --git a/go.sum b/go.sum
index bdc5843b6bd..03b72c0c188 100644
--- a/go.sum
+++ b/go.sum
@@ -1,18 +1,18 @@
-cloud.google.com/go v0.118.0 h1:tvZe1mgqRxpiVa3XlIGMiPcEUbP1gNXELgD4y/IXmeQ=
-cloud.google.com/go/auth v0.16.5 h1:mFWNQ2FEVWAliEQWpAdH80omXFokmrnbDhUS9cBywsI=
-cloud.google.com/go/auth v0.16.5/go.mod h1:utzRfHMP+Vv0mpOkTRQoWD2q3BatTOoWbA7gCc2dUhQ=
+cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA=
+cloud.google.com/go/auth v0.17.0 h1:74yCm7hCj2rUyyAocqnFzsAYXgJhrG26XCFimrc/Kz4=
+cloud.google.com/go/auth v0.17.0/go.mod h1:6wv/t5/6rOPAX4fJiRjKkJCvswLwdet7G8+UGXt7nCQ=
cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc=
cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c=
-cloud.google.com/go/compute/metadata v0.8.4 h1:oXMa1VMQBVCyewMIOm3WQsnVd9FbKBtm8reqWRaXnHQ=
-cloud.google.com/go/compute/metadata v0.8.4/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 h1:5YTBM8QDVIBN3sxBil89WfdAAqDZbyJTgh688DSxX5w=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.12.0 h1:wL5IEG5zb7BVv1Kv0Xm92orq+5hB5Nipn3B5tn4Rqfk=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.12.0/go.mod h1:J7MUC/wtRpfGVbQ5sIItY5/FuVWmvzlY21WAOfQnq/I=
+cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
+cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 h1:XkkQbfMyuH2jTSjQjSoihryI8GINRcs4xp8lNawg0FI=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
github.com/DATA-DOG/go-sqlmock v1.4.1/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
github.com/KimMachineGun/automemlimit v0.7.5 h1:RkbaC0MwhjL1ZuBKunGDjE/ggwAX43DwZrJqVwyveTk=
github.com/KimMachineGun/automemlimit v0.7.5/go.mod h1:QZxpHaGOQoYvFhv/r4u3U0JTC2ZcOwbSr11UZF46UBM=
@@ -28,32 +28,34 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I=
-github.com/aws/aws-sdk-go-v2 v1.39.2/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY=
-github.com/aws/aws-sdk-go-v2/config v1.31.12 h1:pYM1Qgy0dKZLHX2cXslNacbcEFMkDMl+Bcj5ROuS6p8=
-github.com/aws/aws-sdk-go-v2/config v1.31.12/go.mod h1:/MM0dyD7KSDPR+39p9ZNVKaHDLb9qnfDurvVS2KAhN8=
-github.com/aws/aws-sdk-go-v2/credentials v1.18.16 h1:4JHirI4zp958zC026Sm+V4pSDwW4pwLefKrc0bF2lwI=
-github.com/aws/aws-sdk-go-v2/credentials v1.18.16/go.mod h1:qQMtGx9OSw7ty1yLclzLxXCRbrkjWAM7JnObZjmCB7I=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 h1:Mv4Bc0mWmv6oDuSWTKnk+wgeqPL5DRFu5bQL9BGPQ8Y=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9/go.mod h1:IKlKfRppK2a1y0gy1yH6zD+yX5uplJ6UuPlgd48dJiQ=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 h1:se2vOWGD3dWQUtfn4wEjRQJb1HK1XsNIt825gskZ970=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9/go.mod h1:hijCGH2VfbZQxqCDN7bwz/4dzxV+hkyhjawAtdPWKZA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 h1:6RBnKZLkJM4hQ+kN6E7yWFveOTg8NLPHAkqrs4ZPlTU=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9/go.mod h1:V9rQKRmK7AWuEsOMnHzKj8WyrIir1yUJbZxDuZLFvXI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 h1:5r34CgVOD4WZudeEKZ9/iKpiT6cM1JyEROpXjOcdWv8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9/go.mod h1:dB12CEbNWPbzO2uC6QSWHteqOg4JfBVJOojbAoAUb5I=
-github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 h1:A1oRkiSQOWstGh61y4Wc/yQ04sqrQZr1Si/oAXj20/s=
-github.com/aws/aws-sdk-go-v2/service/sso v1.29.6/go.mod h1:5PfYspyCU5Vw1wNPsxi15LZovOnULudOQuVxphSflQA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 h1:5fm5RTONng73/QA73LhCNR7UT9RpFH3hR6HWL6bIgVY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1/go.mod h1:xBEjWD13h+6nq+z4AkqSfSvqRKFgDIQeaMguAJndOWo=
-github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 h1:p3jIvqYwUZgu/XYeI48bJxOhvm47hZb5HUQ0tn6Q9kA=
-github.com/aws/aws-sdk-go-v2/service/sts v1.38.6/go.mod h1:WtKK+ppze5yKPkZ0XwqIVWD4beCwv056ZbPQNoeHqM8=
-github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE=
-github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
+github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgPKd4=
+github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0=
+github.com/aws/aws-sdk-go-v2/config v1.32.6 h1:hFLBGUKjmLAekvi1evLi5hVvFQtSo3GYwi+Bx4lpJf8=
+github.com/aws/aws-sdk-go-v2/config v1.32.6/go.mod h1:lcUL/gcd8WyjCrMnxez5OXkO3/rwcNmvfno62tnXNcI=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.6 h1:F9vWao2TwjV2MyiyVS+duza0NIRtAslgLUM0vTA1ZaE=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.6/go.mod h1:SgHzKjEVsdQr6Opor0ihgWtkWdfRAIwxYzSJ8O85VHY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16 h1:80+uETIWS1BqjnN9uJ0dBUaETh+P1XwFy5vwHwK5r9k=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.16/go.mod h1:wOOsYuxYuB/7FlnVtzeBYRcjSRtQpAW0hCP7tIULMwo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16/go.mod h1:L/UxsGeKpGoIj6DxfhOWHWQ/kGKcd4I1VncE4++IyKA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 h1:1jtGzuV7c82xnqOVfx2F0xmJcOw5374L7N6juGW6x6U=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16/go.mod h1:M2E5OQf+XLe+SZGmmpaI2yy+J326aFf6/+54PoxSANc=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy0ImIV0bsrX0X91GkV5nJAyv1l1CC9lnO0TI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.4 h1:HpI7aMmJ+mm1wkSHIA2t5EaFFv5EFYXePW30p1EIrbQ=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.4/go.mod h1:C5RdGMYGlfM0gYq/tifqgn4EbyX99V15P2V3R+VHbQU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.8 h1:aM/Q24rIlS3bRAhTyFurowU8A0SMyGDtEOY/l/s/1Uw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.8/go.mod h1:+fWt2UHSb4kS7Pu8y+BMBvJF0EWx+4H0hzNwtDNRTrg=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12 h1:AHDr0DaHIAo8c9t1emrzAlVDFp+iMMKnPdYy6XO4MCE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.12/go.mod h1:GQ73XawFFiWxyWXMHWfhiomvP3tXtdNar/fi8z18sx0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.5 h1:SciGFVNZ4mHdm7gpD1dgZYnCuVdX1s+lFTg4+4DOy70=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.5/go.mod h1:iW40X4QBmUxdP+fZNOpfmkdMZqsovezbAeO+Ubiv2pk=
+github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk=
+github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3 h1:6df1vn4bBlDDo4tARvBm7l6KA9iVMnE3NWizDeWSrps=
github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3/go.mod h1:CIWtjkly68+yqLPbvwwR/fjNJA/idrtULjZWh2v1ys0=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -107,50 +109,54 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/analysis v0.24.0 h1:vE/VFFkICKyYuTWYnplQ+aVr45vlG6NcZKC7BdIXhsA=
-github.com/go-openapi/analysis v0.24.0/go.mod h1:GLyoJA+bvmGGaHgpfeDh8ldpGo69fAJg7eeMDMRCIrw=
-github.com/go-openapi/errors v0.22.3 h1:k6Hxa5Jg1TUyZnOwV2Lh81j8ayNw5VVYLvKrp4zFKFs=
-github.com/go-openapi/errors v0.22.3/go.mod h1:+WvbaBBULWCOna//9B9TbLNGSFOfF8lY9dw4hGiEiKQ=
+github.com/go-openapi/analysis v0.24.1 h1:Xp+7Yn/KOnVWYG8d+hPksOYnCYImE3TieBa7rBOesYM=
+github.com/go-openapi/analysis v0.24.1/go.mod h1:dU+qxX7QGU1rl7IYhBC8bIfmWQdX4Buoea4TGtxXY84=
+github.com/go-openapi/errors v0.22.4 h1:oi2K9mHTOb5DPW2Zjdzs/NIvwi2N3fARKaTJLdNabaM=
+github.com/go-openapi/errors v0.22.4/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk=
github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk=
github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM=
-github.com/go-openapi/jsonreference v0.21.2 h1:Wxjda4M/BBQllegefXrY/9aq1fxBA8sI5M/lFU6tSWU=
-github.com/go-openapi/jsonreference v0.21.2/go.mod h1:pp3PEjIsJ9CZDGCNOyXIQxsNuroxm8FAJ/+quA0yKzQ=
-github.com/go-openapi/loads v0.23.1 h1:H8A0dX2KDHxDzc797h0+uiCZ5kwE2+VojaQVaTlXvS0=
-github.com/go-openapi/loads v0.23.1/go.mod h1:hZSXkyACCWzWPQqizAv/Ye0yhi2zzHwMmoXQ6YQml44=
-github.com/go-openapi/runtime v0.29.0 h1:Y7iDTFarS9XaFQ+fA+lBLngMwH6nYfqig1G+pHxMRO0=
-github.com/go-openapi/runtime v0.29.0/go.mod h1:52HOkEmLL/fE4Pg3Kf9nxc9fYQn0UsIWyGjGIJE9dkg=
-github.com/go-openapi/spec v0.22.0 h1:xT/EsX4frL3U09QviRIZXvkh80yibxQmtoEvyqug0Tw=
-github.com/go-openapi/spec v0.22.0/go.mod h1:K0FhKxkez8YNS94XzF8YKEMULbFrRw4m15i2YUht4L0=
-github.com/go-openapi/strfmt v0.24.0 h1:dDsopqbI3wrrlIzeXRbqMihRNnjzGC+ez4NQaAAJLuc=
-github.com/go-openapi/strfmt v0.24.0/go.mod h1:Lnn1Bk9rZjXxU9VMADbEEOo7D7CDyKGLsSKekhFr7s4=
-github.com/go-openapi/swag v0.25.1 h1:6uwVsx+/OuvFVPqfQmOOPsqTcm5/GkBhNwLqIR916n8=
-github.com/go-openapi/swag v0.25.1/go.mod h1:bzONdGlT0fkStgGPd3bhZf1MnuPkf2YAys6h+jZipOo=
-github.com/go-openapi/swag/cmdutils v0.25.1 h1:nDke3nAFDArAa631aitksFGj2omusks88GF1VwdYqPY=
-github.com/go-openapi/swag/cmdutils v0.25.1/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0=
-github.com/go-openapi/swag/conv v0.25.1 h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0=
-github.com/go-openapi/swag/conv v0.25.1/go.mod h1:Z1mFEGPfyIKPu0806khI3zF+/EUXde+fdeksUl2NiDs=
-github.com/go-openapi/swag/fileutils v0.25.1 h1:rSRXapjQequt7kqalKXdcpIegIShhTPXx7yw0kek2uU=
-github.com/go-openapi/swag/fileutils v0.25.1/go.mod h1:+NXtt5xNZZqmpIpjqcujqojGFek9/w55b3ecmOdtg8M=
-github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU=
-github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo=
-github.com/go-openapi/swag/jsonutils v0.25.1 h1:AihLHaD0brrkJoMqEZOBNzTLnk81Kg9cWr+SPtxtgl8=
-github.com/go-openapi/swag/jsonutils v0.25.1/go.mod h1:JpEkAjxQXpiaHmRO04N1zE4qbUEg3b7Udll7AMGTNOo=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1 h1:DSQGcdB6G0N9c/KhtpYc71PzzGEIc/fZ1no35x4/XBY=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1/go.mod h1:kjmweouyPwRUEYMSrbAidoLMGeJ5p6zdHi9BgZiqmsg=
-github.com/go-openapi/swag/loading v0.25.1 h1:6OruqzjWoJyanZOim58iG2vj934TysYVptyaoXS24kw=
-github.com/go-openapi/swag/loading v0.25.1/go.mod h1:xoIe2EG32NOYYbqxvXgPzne989bWvSNoWoyQVWEZicc=
-github.com/go-openapi/swag/mangling v0.25.1 h1:XzILnLzhZPZNtmxKaz/2xIGPQsBsvmCjrJOWGNz/ync=
-github.com/go-openapi/swag/mangling v0.25.1/go.mod h1:CdiMQ6pnfAgyQGSOIYnZkXvqhnnwOn997uXZMAd/7mQ=
-github.com/go-openapi/swag/netutils v0.25.1 h1:2wFLYahe40tDUHfKT1GRC4rfa5T1B4GWZ+msEFA4Fl4=
-github.com/go-openapi/swag/netutils v0.25.1/go.mod h1:CAkkvqnUJX8NV96tNhEQvKz8SQo2KF0f7LleiJwIeRE=
-github.com/go-openapi/swag/stringutils v0.25.1 h1:Xasqgjvk30eUe8VKdmyzKtjkVjeiXx1Iz0zDfMNpPbw=
-github.com/go-openapi/swag/stringutils v0.25.1/go.mod h1:JLdSAq5169HaiDUbTvArA2yQxmgn4D6h4A+4HqVvAYg=
-github.com/go-openapi/swag/typeutils v0.25.1 h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3I3ysiFZqukA=
-github.com/go-openapi/swag/typeutils v0.25.1/go.mod h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8=
-github.com/go-openapi/swag/yamlutils v0.25.1 h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk=
-github.com/go-openapi/swag/yamlutils v0.25.1/go.mod h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg=
-github.com/go-openapi/validate v0.25.0 h1:JD9eGX81hDTjoY3WOzh6WqxVBVl7xjsLnvDo1GL5WPU=
-github.com/go-openapi/validate v0.25.0/go.mod h1:SUY7vKrN5FiwK6LyvSwKjDfLNirSfWwHNgxd2l29Mmw=
+github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc=
+github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4=
+github.com/go-openapi/loads v0.23.2 h1:rJXAcP7g1+lWyBHC7iTY+WAF0rprtM+pm8Jxv1uQJp4=
+github.com/go-openapi/loads v0.23.2/go.mod h1:IEVw1GfRt/P2Pplkelxzj9BYFajiWOtY2nHZNj4UnWY=
+github.com/go-openapi/runtime v0.29.2 h1:UmwSGWNmWQqKm1c2MGgXVpC2FTGwPDQeUsBMufc5Yj0=
+github.com/go-openapi/runtime v0.29.2/go.mod h1:biq5kJXRJKBJxTDJXAa00DOTa/anflQPhT0/wmjuy+0=
+github.com/go-openapi/spec v0.22.1 h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k=
+github.com/go-openapi/spec v0.22.1/go.mod h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA=
+github.com/go-openapi/strfmt v0.25.0 h1:7R0RX7mbKLa9EYCTHRcCuIPcaqlyQiWNPTXwClK0saQ=
+github.com/go-openapi/strfmt v0.25.0/go.mod h1:nNXct7OzbwrMY9+5tLX4I21pzcmE6ccMGXl3jFdPfn8=
+github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU=
+github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ=
+github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4=
+github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0=
+github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y=
+github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48=
+github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg=
+github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0=
+github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg=
+github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
+github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
+github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
+github.com/go-openapi/validate v0.25.1 h1:sSACUI6Jcnbo5IWqbYHgjibrhhmt3vR6lCzKZnmAgBw=
+github.com/go-openapi/validate v0.25.1/go.mod h1:RMVyVFYte0gbSTaZ0N4KmTn6u/kClvAFp+mAVfS/DQc=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
@@ -175,14 +181,14 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 h1:ZI8gCoCjGzPsum4L21jHdQs8shFBIQih1TM9Rd/c+EQ=
-github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
+github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f h1:HU1RgM6NALf/KW9HEY6zry3ADbDKcmpQ+hJedoNGQYQ=
+github.com/google/pprof v0.0.0-20251213031049-b05bdaca462f/go.mod h1:67FPmZWbr+KDT/VlpWtw6sO9XSjpJmLuHpoLmWiTGgY=
github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww=
github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc=
@@ -201,8 +207,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -274,13 +280,15 @@ github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
github.com/prometheus-community/prom-label-proxy v0.12.1 h1:vJ6tGz4NMge140Ua3T/zh3HO0CA3bmnCsfkWK/cujG0=
github.com/prometheus-community/prom-label-proxy v0.12.1/go.mod h1:/tZNtOMcbPbE1VFcY8b48mPqT1bb2jVpXx2WdjjM8TY=
-github.com/prometheus/alertmanager v0.29.0 h1:/ET4NmAGx2Dv9kStrXIBqBgHyiSgIk4OetY+hoZRfgc=
-github.com/prometheus/alertmanager v0.29.0/go.mod h1:SjI2vhrfdWg10UaRUxTz27rgdJVG3HXrhI5WFjCdBgs=
+github.com/prometheus/alertmanager v0.30.0 h1:E4dnxSFXK8V2Bb8iqudlisTmaIrF3hRJSWnliG08tBM=
+github.com/prometheus/alertmanager v0.30.0/go.mod h1:93PBumcTLr/gNtNtM0m7BcCffbvYP5bKuLBWiOnISaA=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
+github.com/prometheus/client_golang/exp v0.0.0-20251212205219-7ba246a648ca h1:BOxmsLoL2ymn8lXJtorca7N/m+2vDQUDoEtPjf0iAxA=
+github.com/prometheus/client_golang/exp v0.0.0-20251212205219-7ba246a648ca/go.mod h1:gndBHh3ZdjBozGcGrjUYjN3UJLRS3l2drALtu4lUt+k=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -288,10 +296,10 @@ github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNw
github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.67.3 h1:shd26MlnwTw5jksTDhC7rTQIteBxy+ZZDr3t7F2xN2Q=
-github.com/prometheus/common v0.67.3/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI=
-github.com/prometheus/exporter-toolkit v0.15.0 h1:Pcle5sSViwR1x0gdPd0wtYrPQENBieQAM7TmT0qtb2U=
-github.com/prometheus/exporter-toolkit v0.15.0/go.mod h1:OyRWd2iTo6Xge9Kedvv0IhCrJSBu36JCfJ2yVniRIYk=
+github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4=
+github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw=
+github.com/prometheus/exporter-toolkit v0.15.1 h1:XrGGr/qWl8Gd+pqJqTkNLww9eG8vR/CoRk0FubOKfLE=
+github.com/prometheus/exporter-toolkit v0.15.1/go.mod h1:P/NR9qFRGbCFgpklyhix9F6v6fFr/VQB/CVsrMDGKo4=
github.com/prometheus/otlptranslator v1.0.0 h1:s0LJW/iN9dkIH+EnhiD3BlkkP5QVIUVEoIwkU+A6qos=
github.com/prometheus/otlptranslator v1.0.0/go.mod h1:vRYWnXvI6aWGpsdY/mOT/cbeVRBlPWtBNDb7kGR3uKM=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
@@ -299,10 +307,10 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=
github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=
-github.com/prometheus/prometheus v0.307.3 h1:zGIN3EpiKacbMatcUL2i6wC26eRWXdoXfNPjoBc2l34=
-github.com/prometheus/prometheus v0.307.3/go.mod h1:sPbNW+KTS7WmzFIafC3Inzb6oZVaGLnSvwqTdz2jxRQ=
-github.com/prometheus/sigv4 v0.2.1 h1:hl8D3+QEzU9rRmbKIRwMKRwaFGyLkbPdH5ZerglRHY0=
-github.com/prometheus/sigv4 v0.2.1/go.mod h1:ySk6TahIlsR2sxADuHy4IBFhwEjRGGsfbbLGhFYFj6Q=
+github.com/prometheus/prometheus v0.309.1 h1:jutK6eCYDpWdPTUbVbkcQsNCMO9CCkSwjQRMLds4jSo=
+github.com/prometheus/prometheus v0.309.1/go.mod h1:d+dOGiVhuNDa4MaFXHVdnUBy/CzqlcNTooR8oM1wdTU=
+github.com/prometheus/sigv4 v0.3.0 h1:QIG7nTbu0JTnNidGI1Uwl5AGVIChWUACxn2B/BQ1kms=
+github.com/prometheus/sigv4 v0.3.0/go.mod h1:fKtFYDus2M43CWKMNtGvFNHGXnAJJEGZbiYCmVp/F8I=
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -329,28 +337,28 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/thanos-io/thanos v0.39.2 h1:edN03y7giEc6lD17HJhYcv8ELapXxElmhJnFIYJ2GqQ=
-github.com/thanos-io/thanos v0.39.2/go.mod h1:bvUPJNIx2LBXme6yBinRiGqQinxlGikLlK7PGeFQPkQ=
+github.com/thanos-io/thanos v0.40.1 h1:osjcmfQTXGoFeXTVLR56+RQo7bdtQmsNem73rflYwb0=
+github.com/thanos-io/thanos v0.40.1/go.mod h1:TI/hLlnHK5XuHsycq5jNiQ9VrtjjejbG3lG2U3JJr1Y=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=
github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.mongodb.org/mongo-driver v1.17.4 h1:jUorfmVzljjr0FLzYQsGP8cgN/qzzxlY9Vh0C9KFXVw=
-go.mongodb.org/mongo-driver v1.17.4/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
+go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss=
+go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
-go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
@@ -359,8 +367,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
+go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
@@ -369,8 +377,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU=
-golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc=
+golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
golang.org/x/exp v0.0.0-20251002181428-27f1f14c8bb9 h1:TQwNpfvNkxAVlItJf6Cr5JTsVZoC/Sj7K3OZv2Pc14A=
golang.org/x/exp v0.0.0-20251002181428-27f1f14c8bb9/go.mod h1:TwQYMMnGpvZyc+JpB/UAuTNIsVJifOlSkrZkhcvpVUk=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -381,17 +389,17 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
-golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
-golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -399,34 +407,35 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
-golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
-golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.250.0 h1:qvkwrf/raASj82UegU2RSDGWi/89WkLckn4LuO4lVXM=
-google.golang.org/api v0.250.0/go.mod h1:Y9Uup8bDLJJtMzJyQnu+rLRJLA0wn+wTtc6vTlOvfXo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251006185510-65f7160b3a87 h1:WgGZrMngVRRve7T3P5gbXdmedSmUpkf8uIUu1fg+biY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251006185510-65f7160b3a87/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
-google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
-google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
-google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/api v0.257.0 h1:8Y0lzvHlZps53PEaw+G29SsQIkuKrumGWs9puiexNAA=
+google.golang.org/api v0.257.0/go.mod h1:4eJrr+vbVaZSqs7vovFd1Jb/A6ml6iw2e6FBYf3GAO4=
+google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 h1:1tXaIXCracvtsRxSBsYDiSBN0cuJvM7QYW+MrpIRY78=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM=
+google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -447,18 +456,18 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
-k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY=
-k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw=
-k8s.io/apiextensions-apiserver v0.34.2 h1:WStKftnGeoKP4AZRz/BaAAEJvYp4mlZGN0UCv+uvsqo=
-k8s.io/apiextensions-apiserver v0.34.2/go.mod h1:398CJrsgXF1wytdaanynDpJ67zG4Xq7yj91GrmYN2SE=
-k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4=
-k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw=
-k8s.io/apiserver v0.34.2 h1:2/yu8suwkmES7IzwlehAovo8dDE07cFRC7KMDb1+MAE=
-k8s.io/apiserver v0.34.2/go.mod h1:gqJQy2yDOB50R3JUReHSFr+cwJnL8G1dzTA0YLEqAPI=
-k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M=
-k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE=
-k8s.io/component-base v0.34.2 h1:HQRqK9x2sSAsd8+R4xxRirlTjowsg6fWCPwWYeSvogQ=
-k8s.io/component-base v0.34.2/go.mod h1:9xw2FHJavUHBFpiGkZoKuYZ5pdtLKe97DEByaA+hHbM=
+k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4=
+k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk=
+k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g=
+k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0=
+k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE=
+k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw=
+k8s.io/apiserver v0.34.3 h1:uGH1qpDvSiYG4HVFqc6A3L4CKiX+aBWDrrsxHYK0Bdo=
+k8s.io/apiserver v0.34.3/go.mod h1:QPnnahMO5C2m3lm6fPW3+JmyQbvHZQ8uudAu/493P2w=
+k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A=
+k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM=
+k8s.io/component-base v0.34.3 h1:zsEgw6ELqK0XncCQomgO9DpUIzlrYuZYA0Cgo+JWpVk=
+k8s.io/component-base v0.34.3/go.mod h1:5iIlD8wPfWE/xSHTRfbjuvUul2WZbI2nOUK65XL0E/c=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE=
diff --git a/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json b/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json
index dd0fb08b279..ad7c5c25b25 100644
--- a/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json
+++ b/jsonnet/prometheus-operator/alertmanagerconfigs-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "alertmanagerconfigs.monitoring.coreos.com"
},
@@ -54,7 +54,8 @@
"items": {
"type": "string"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"sourceMatch": {
"description": "sourceMatch defines matchers for which one or more alerts have to exist for the inhibition\nto take effect. The operator enforces that the alert matches the resource's namespace.\nThese are the \"trigger\" alerts that cause other alerts to be inhibited.",
@@ -90,7 +91,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"targetMatch": {
"description": "targetMatch defines matchers that have to be fulfilled in the alerts to be muted.\nThe operator enforces that the alert matches the resource's namespace.\nWhen these conditions are met, matching alerts will be inhibited (silenced).",
@@ -126,12 +128,14 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
}
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"muteTimeIntervals": {
"description": "muteTimeIntervals defines the list of MuteTimeInterval specifying when the routes should be muted.",
@@ -167,7 +171,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"months": {
"description": "months defines a list of MonthRange",
@@ -176,7 +181,8 @@
"pattern": "^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)",
"type": "string"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"times": {
"description": "times defines a list of TimeRange",
@@ -196,7 +202,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"weekdays": {
"description": "weekdays defines a list of WeekdayRange",
@@ -205,7 +212,8 @@
"pattern": "^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)",
"type": "string"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"years": {
"description": "years defines a list of YearRange",
@@ -214,12 +222,14 @@
"pattern": "^2\\d{3}(?::2\\d{3}|$)",
"type": "string"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
}
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
}
},
"required": [
@@ -227,7 +237,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"receivers": {
"description": "receivers defines the list of receivers.",
@@ -936,7 +947,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"emailConfigs": {
"description": "emailConfigs defines the list of Email configurations.",
@@ -1022,7 +1034,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"hello": {
"description": "hello defines the hostname to identify to the SMTP server.\nThis is used in the SMTP HELO/EHLO command during the connection handshake.",
@@ -1216,7 +1229,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"msteamsConfigs": {
"description": "msteamsConfigs defines the list of MSTeams configurations.\nIt requires Alertmanager >= 0.26.0.",
@@ -1909,7 +1923,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"msteamsv2Configs": {
"description": "msteamsv2Configs defines the list of MSTeamsV2 configurations.\nIt requires Alertmanager >= 0.28.0.",
@@ -2597,7 +2612,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"name": {
"description": "name defines the name of the receiver. Must be unique across all items from the list.",
@@ -2638,6 +2654,7 @@
},
"apiURL": {
"description": "apiURL defines the URL to send OpsGenie API requests to.\nWhen not specified, defaults to the standard OpsGenie API endpoint.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"description": {
@@ -2665,7 +2682,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"entity": {
"description": "entity defines an optional field that can be used to specify which domain alert is related to.\nThis helps group related alerts together in OpsGenie.",
@@ -3359,7 +3377,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"sendResolved": {
"description": "sendResolved defines whether or not to notify about resolved alerts.",
@@ -3380,7 +3399,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"pagerdutyConfigs": {
"description": "pagerdutyConfigs defines the List of PagerDuty configurations.",
@@ -3389,22 +3409,27 @@
"properties": {
"class": {
"description": "class defines the class/type of the event.",
+ "minLength": 1,
"type": "string"
},
"client": {
"description": "client defines the client identification.",
+ "minLength": 1,
"type": "string"
},
"clientURL": {
"description": "clientURL defines the backlink to the sender of notification.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"component": {
"description": "component defines the part or component of the affected system that is broken.",
+ "minLength": 1,
"type": "string"
},
"description": {
"description": "description of the incident.",
+ "minLength": 1,
"type": "string"
},
"details": {
@@ -3428,10 +3453,12 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"group": {
"description": "group defines a cluster or grouping of sources.",
+ "minLength": 1,
"type": "string"
},
"httpConfig": {
@@ -4082,20 +4109,24 @@
"properties": {
"alt": {
"description": "alt is the optional alternative text for the image.",
+ "minLength": 1,
"type": "string"
},
"href": {
"description": "href defines the optional URL; makes the image a clickable link.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"src": {
"description": "src of the image being attached to the incident",
+ "minLength": 1,
"type": "string"
}
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"pagerDutyLinkConfigs": {
"description": "pagerDutyLinkConfigs defines a list of link details to attach that provide further detail about an incident.",
@@ -4104,16 +4135,19 @@
"properties": {
"alt": {
"description": "alt defines the text that describes the purpose of the link, and can be used as the link's text.",
+ "minLength": 1,
"type": "string"
},
"href": {
"description": "href defines the URL of the link to be attached",
+ "pattern": "^https?://.+$",
"type": "string"
}
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"routingKey": {
"description": "routingKey defines the secret's key that contains the PagerDuty integration key (when using\nEvents API v2). Either this field or `serviceKey` needs to be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.",
@@ -4167,20 +4201,29 @@
},
"severity": {
"description": "severity of the incident.",
+ "minLength": 1,
"type": "string"
},
"source": {
"description": "source defines the unique location of the affected system.",
+ "minLength": 1,
+ "type": "string"
+ },
+ "timeout": {
+ "description": "timeout is the maximum time allowed to invoke the pagerduty\nIt requires Alertmanager >= v0.30.0.",
+ "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$",
"type": "string"
},
"url": {
"description": "url defines the URL to send requests to.",
+ "pattern": "^https?://.+$",
"type": "string"
}
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"pushoverConfigs": {
"description": "pushoverConfigs defines the list of Pushover configurations.",
@@ -4189,6 +4232,7 @@
"properties": {
"device": {
"description": "device defines the name of a specific device to send the notification to.\nIf not specified, the notification is sent to all user's devices.",
+ "minLength": 1,
"type": "string"
},
"expire": {
@@ -4197,7 +4241,7 @@
"type": "string"
},
"html": {
- "description": "html defines whether notification message is HTML or plain text.\nWhen true, the message can include HTML formatting tags.",
+ "description": "html defines whether notification message is HTML or plain text.\nWhen true, the message can include HTML formatting tags.\nhtml and monospace formatting are mutually exclusive.",
"type": "boolean"
},
"httpConfig": {
@@ -4843,6 +4887,7 @@
},
"message": {
"description": "message defines the notification message content.\nThis is the main body text of the Pushover notification.",
+ "minLength": 1,
"type": "string"
},
"monospace": {
@@ -4851,6 +4896,7 @@
},
"priority": {
"description": "priority defines the notification priority level.\nSee https://pushover.net/api#priority for valid values and behavior.",
+ "minLength": 1,
"type": "string"
},
"retry": {
@@ -4864,10 +4910,12 @@
},
"sound": {
"description": "sound defines the name of one of the sounds supported by device clients.\nThis overrides the user's default sound choice for this notification.",
+ "minLength": 1,
"type": "string"
},
"title": {
"description": "title defines the notification title displayed in the Pushover message.\nThis appears as the bold header text in the notification.",
+ "minLength": 1,
"type": "string"
},
"token": {
@@ -4895,6 +4943,7 @@
},
"tokenFile": {
"description": "tokenFile defines the token file that contains the registered application's API token.\nSee https://pushover.net/apps for application registration.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0.",
+ "minLength": 1,
"type": "string"
},
"ttl": {
@@ -4904,10 +4953,12 @@
},
"url": {
"description": "url defines a supplementary URL shown alongside the message.\nThis creates a clickable link within the Pushover notification.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"urlTitle": {
"description": "urlTitle defines a title for the supplementary URL.\nIf not specified, the raw URL is shown instead.",
+ "minLength": 1,
"type": "string"
},
"userKey": {
@@ -4935,12 +4986,14 @@
},
"userKeyFile": {
"description": "userKeyFile defines the user key file that contains the recipient user's user key.\nEither `userKey` or `userKeyFile` is required.\nIt requires Alertmanager >= v0.26.0.",
+ "minLength": 1,
"type": "string"
}
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"rocketchatConfigs": {
"description": "rocketchatConfigs defines the list of RocketChat configurations.\nIt requires Alertmanager >= 0.28.0.",
@@ -4971,7 +5024,8 @@
"type": "object"
},
"minItems": 1,
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"apiURL": {
"description": "apiURL defines the API URL for RocketChat.\nDefaults to https://open.rocket.chat/ if not specified.",
@@ -5016,7 +5070,8 @@
"type": "object"
},
"minItems": 1,
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"httpConfig": {
"description": "httpConfig defines the HTTP client configuration for RocketChat API requests.",
@@ -5754,7 +5809,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"slackConfigs": {
"description": "slackConfigs defines the list of Slack configurations.",
@@ -5771,10 +5827,12 @@
"properties": {
"dismissText": {
"description": "dismissText defines the label for the cancel button in the dialog.\nWhen not specified, defaults to \"Cancel\". This button cancels the action.",
+ "minLength": 1,
"type": "string"
},
"okText": {
"description": "okText defines the label for the confirmation button in the dialog.\nWhen not specified, defaults to \"Okay\". This button proceeds with the action.",
+ "minLength": 1,
"type": "string"
},
"text": {
@@ -5784,6 +5842,7 @@
},
"title": {
"description": "title defines the title text displayed at the top of the confirmation dialog.\nWhen not specified, a default title will be used.",
+ "minLength": 1,
"type": "string"
}
},
@@ -5794,10 +5853,12 @@
},
"name": {
"description": "name defines a unique identifier for the action within the message.\nThis value is sent back to your application when the action is triggered.",
+ "minLength": 1,
"type": "string"
},
"style": {
"description": "style defines the visual appearance of the action element.\nValid values include \"default\", \"primary\" (green), and \"danger\" (red).",
+ "minLength": 1,
"type": "string"
},
"text": {
@@ -5812,10 +5873,12 @@
},
"url": {
"description": "url defines the URL to open when the action is triggered.\nOnly applicable for button-type actions. When set, clicking the button opens this URL.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"value": {
"description": "value defines the payload sent when the action is triggered.\nThis data is included in the callback sent to your application.",
+ "minLength": 1,
"type": "string"
}
},
@@ -5825,7 +5888,9 @@
],
"type": "object"
},
- "type": "array"
+ "minItems": 1,
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"apiURL": {
"description": "apiURL defines the secret's key that contains the Slack webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.",
@@ -5852,18 +5917,22 @@
},
"callbackId": {
"description": "callbackId defines an identifier for the message used in interactive components.",
+ "minLength": 1,
"type": "string"
},
"channel": {
"description": "channel defines the channel or user to send notifications to.",
+ "minLength": 1,
"type": "string"
},
"color": {
"description": "color defines the color of the left border of the Slack message attachment.\nCan be a hex color code (e.g., \"#ff0000\") or a predefined color name.",
+ "minLength": 1,
"type": "string"
},
"fallback": {
"description": "fallback defines a plain-text summary of the attachment for clients that don't support attachments.",
+ "minLength": 1,
"type": "string"
},
"fields": {
@@ -5892,10 +5961,13 @@
],
"type": "object"
},
- "type": "array"
+ "minItems": 1,
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"footer": {
"description": "footer defines small text displayed at the bottom of the message attachment.",
+ "minLength": 1,
"type": "string"
},
"httpConfig": {
@@ -6541,14 +6613,17 @@
},
"iconEmoji": {
"description": "iconEmoji defines the emoji to use as the bot's avatar (e.g., \":ghost:\").",
+ "minLength": 1,
"type": "string"
},
"iconURL": {
"description": "iconURL defines the URL to an image to use as the bot's avatar.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"imageURL": {
"description": "imageURL defines the URL to an image file that will be displayed inside the message attachment.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"linkNames": {
@@ -6558,12 +6633,16 @@
"mrkdwnIn": {
"description": "mrkdwnIn defines which fields should be parsed as Slack markdown.\nValid values include \"pretext\", \"text\", and \"fields\".",
"items": {
+ "minLength": 1,
"type": "string"
},
- "type": "array"
+ "minItems": 1,
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"pretext": {
"description": "pretext defines optional text that appears above the message attachment block.",
+ "minLength": 1,
"type": "string"
},
"sendResolved": {
@@ -6576,28 +6655,39 @@
},
"text": {
"description": "text defines the main text content of the Slack message attachment.",
+ "minLength": 1,
"type": "string"
},
"thumbURL": {
"description": "thumbURL defines the URL to an image file that will be displayed as a thumbnail\non the right side of the message attachment.",
+ "pattern": "^https?://.+$",
+ "type": "string"
+ },
+ "timeout": {
+ "description": "timeout defines the maximum time to wait for a webhook request to complete,\nbefore failing the request and allowing it to be retried.\nIt requires Alertmanager >= v0.30.0.",
+ "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$",
"type": "string"
},
"title": {
"description": "title defines the title text displayed in the Slack message attachment.",
+ "minLength": 1,
"type": "string"
},
"titleLink": {
"description": "titleLink defines the URL that the title will link to when clicked.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"username": {
"description": "username defines the slack bot user name.",
+ "minLength": 1,
"type": "string"
}
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"snsConfigs": {
"description": "snsConfigs defines the list of SNS configurations",
@@ -7351,7 +7441,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"telegramConfigs": {
"description": "telegramConfigs defines the list of Telegram configurations.",
@@ -7360,6 +7451,7 @@
"properties": {
"apiURL": {
"description": "apiURL defines the Telegram API URL, e.g. https://api.telegram.org.\nIf not specified, the default Telegram API URL will be used.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"botToken": {
@@ -8067,7 +8159,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"victoropsConfigs": {
"description": "victoropsConfigs defines the list of VictorOps configurations.",
@@ -8099,6 +8192,7 @@
},
"apiUrl": {
"description": "apiUrl defines the VictorOps API URL.\nWhen not specified, defaults to the standard VictorOps API endpoint.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"customFields": {
@@ -8122,10 +8216,12 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"entityDisplayName": {
"description": "entityDisplayName contains a summary of the alerted problem.\nThis appears as the main title or identifier for the incident.",
+ "minLength": 1,
"type": "string"
},
"httpConfig": {
@@ -8771,14 +8867,17 @@
},
"messageType": {
"description": "messageType describes the behavior of the alert.\nValid values are \"CRITICAL\", \"WARNING\", and \"INFO\".",
+ "minLength": 1,
"type": "string"
},
"monitoringTool": {
"description": "monitoringTool defines the monitoring tool the state message is from.\nThis helps identify the source system that generated the alert.",
+ "minLength": 1,
"type": "string"
},
"routingKey": {
"description": "routingKey defines a key used to map the alert to a team.\nThis determines which VictorOps team will receive the alert notification.",
+ "minLength": 1,
"type": "string"
},
"sendResolved": {
@@ -8787,12 +8886,17 @@
},
"stateMessage": {
"description": "stateMessage contains a long explanation of the alerted problem.\nThis provides detailed context about the incident.",
+ "minLength": 1,
"type": "string"
}
},
+ "required": [
+ "routingKey"
+ ],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"webexConfigs": {
"description": "webexConfigs defines the list of Webex configurations.",
@@ -9464,7 +9568,8 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"webhookConfigs": {
"description": "webhookConfigs defines the List of webhook configurations.",
@@ -10129,6 +10234,7 @@
},
"url": {
"description": "url defines the URL to send HTTP POST requests to.\nurlSecret takes precedence over url. One of urlSecret and url should be defined.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"urlSecret": {
@@ -10157,7 +10263,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"wechatConfigs": {
"description": "wechatConfigs defines the list of WeChat configurations.",
@@ -10193,6 +10300,7 @@
},
"apiURL": {
"description": "apiURL defines the WeChat API URL.\nWhen not specified, defaults to the standard WeChat Work API endpoint.",
+ "pattern": "^https?://.+$",
"type": "string"
},
"corpID": {
@@ -10867,7 +10975,8 @@
},
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
}
},
"required": [
@@ -10875,7 +10984,11 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-map-keys": [
+ "name"
+ ],
+ "x-kubernetes-list-type": "map"
},
"route": {
"description": "route defines the Alertmanager route definition for alerts matching the resource's\nnamespace. If present, it will be added to the generated Alertmanager\nconfiguration as a first-level route.",
@@ -10885,7 +10998,8 @@
"items": {
"type": "string"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "set"
},
"continue": {
"description": "continue defines the boolean indicating whether an alert should continue matching subsequent\nsibling nodes. It will always be overridden to true for the first-level\nroute by the Prometheus operator.",
@@ -10896,7 +11010,8 @@
"items": {
"type": "string"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "set"
},
"groupInterval": {
"description": "groupInterval defines how long to wait before sending an updated notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"5m\"",
@@ -10940,14 +11055,16 @@
],
"type": "object"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
},
"muteTimeIntervals": {
"description": "muteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,",
"items": {
"type": "string"
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "set"
},
"receiver": {
"description": "receiver defines the name of the receiver for this route. If not empty, it should be listed in\nthe `receivers` field.",
@@ -10962,13 +11079,120 @@
"items": {
"x-kubernetes-preserve-unknown-fields": true
},
- "type": "array"
+ "type": "array",
+ "x-kubernetes-list-type": "atomic"
}
},
"type": "object"
}
},
"type": "object"
+ },
+ "status": {
+ "description": "status defines the status subresource. It is under active development and is updated only when the\n\"StatusForConfigurationResources\" feature gate is enabled.\n\nMost recent observed status of the ServiceMonitor. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
+ "properties": {
+ "bindings": {
+ "description": "bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource.",
+ "items": {
+ "description": "WorkloadBinding is a link between a configuration resource and a workload resource.",
+ "properties": {
+ "conditions": {
+ "description": "conditions defines the current state of the configuration resource when bound to the referenced Workload object.",
+ "items": {
+ "description": "ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler.",
+ "properties": {
+ "lastTransitionTime": {
+ "description": "lastTransitionTime defines the time of the last update to the current status property.",
+ "format": "date-time",
+ "type": "string"
+ },
+ "message": {
+ "description": "message defines the human-readable message indicating details for the condition's last transition.",
+ "type": "string"
+ },
+ "observedGeneration": {
+ "description": "observedGeneration defines the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the object.",
+ "format": "int64",
+ "type": "integer"
+ },
+ "reason": {
+ "description": "reason for the condition's last transition.",
+ "type": "string"
+ },
+ "status": {
+ "description": "status of the condition.",
+ "minLength": 1,
+ "type": "string"
+ },
+ "type": {
+ "description": "type of the condition being reported.\nCurrently, only \"Accepted\" is supported.",
+ "enum": [
+ "Accepted"
+ ],
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "lastTransitionTime",
+ "status",
+ "type"
+ ],
+ "type": "object"
+ },
+ "type": "array",
+ "x-kubernetes-list-map-keys": [
+ "type"
+ ],
+ "x-kubernetes-list-type": "map"
+ },
+ "group": {
+ "description": "group defines the group of the referenced resource.",
+ "enum": [
+ "monitoring.coreos.com"
+ ],
+ "type": "string"
+ },
+ "name": {
+ "description": "name defines the name of the referenced object.",
+ "minLength": 1,
+ "type": "string"
+ },
+ "namespace": {
+ "description": "namespace defines the namespace of the referenced object.",
+ "minLength": 1,
+ "type": "string"
+ },
+ "resource": {
+ "description": "resource defines the type of resource being referenced (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager).",
+ "enum": [
+ "prometheuses",
+ "prometheusagents",
+ "thanosrulers",
+ "alertmanagers"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "group",
+ "name",
+ "namespace",
+ "resource"
+ ],
+ "type": "object"
+ },
+ "type": "array",
+ "x-kubernetes-list-map-keys": [
+ "group",
+ "resource",
+ "name",
+ "namespace"
+ ],
+ "x-kubernetes-list-type": "map"
+ }
+ },
+ "type": "object"
}
},
"required": [
@@ -10978,7 +11202,10 @@
}
},
"served": true,
- "storage": true
+ "storage": true,
+ "subresources": {
+ "status": {}
+ }
}
]
}
diff --git a/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet b/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet
index df05e53a50c..8dd65b157b2 100644
--- a/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet
+++ b/jsonnet/prometheus-operator/alertmanagerconfigs-v1beta1-crd.libsonnet
@@ -2492,6 +2492,7 @@
},
apiURL: {
description: 'apiURL defines the URL to send OpsGenie API requests to.\nWhen not specified, defaults to the standard OpsGenie API endpoint.',
+ pattern: '^https?://.+$',
type: 'string',
},
description: {
@@ -3236,22 +3237,27 @@
properties: {
class: {
description: 'class defines the class/type of the event.',
+ minLength: 1,
type: 'string',
},
client: {
description: 'client defines the client identification.',
+ minLength: 1,
type: 'string',
},
clientURL: {
description: 'clientURL defines the backlink to the sender of notification.',
+ pattern: '^https?://.+$',
type: 'string',
},
component: {
description: 'component defines the part or component of the affected system that is broken.',
+ minLength: 1,
type: 'string',
},
description: {
description: 'description of the incident.',
+ minLength: 1,
type: 'string',
},
details: {
@@ -3276,9 +3282,11 @@
type: 'object',
},
type: 'array',
+ 'x-kubernetes-list-type': 'atomic',
},
group: {
description: 'group defines a cluster or grouping of sources.',
+ minLength: 1,
type: 'string',
},
httpConfig: {
@@ -3926,20 +3934,24 @@
properties: {
alt: {
description: 'alt is the optional alternative text for the image.',
+ minLength: 1,
type: 'string',
},
href: {
description: 'href defines the optional URL; makes the image a clickable link.',
+ pattern: '^https?://.+$',
type: 'string',
},
src: {
description: 'src of the image being attached to the incident',
+ minLength: 1,
type: 'string',
},
},
type: 'object',
},
type: 'array',
+ 'x-kubernetes-list-type': 'atomic',
},
pagerDutyLinkConfigs: {
description: 'pagerDutyLinkConfigs defines a list of link details to attach that provide further detail about an incident.',
@@ -3948,16 +3960,19 @@
properties: {
alt: {
description: "alt defines the text that describes the purpose of the link, and can be used as the link's text.",
+ minLength: 1,
type: 'string',
},
href: {
description: 'href defines the URL of the link to be attached',
+ pattern: '^https?://.+$',
type: 'string',
},
},
type: 'object',
},
type: 'array',
+ 'x-kubernetes-list-type': 'atomic',
},
routingKey: {
description: "routingKey defines the secret's key that contains the PagerDuty integration key (when using\nEvents API v2). Either this field or `serviceKey` needs to be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.",
@@ -4005,14 +4020,22 @@
},
severity: {
description: 'severity of the incident.',
+ minLength: 1,
type: 'string',
},
source: {
description: 'source defines the unique location of the affected system.',
+ minLength: 1,
+ type: 'string',
+ },
+ timeout: {
+ description: 'timeout is the maximum time allowed to invoke the pagerduty\nIt requires Alertmanager >= v0.30.0.',
+ pattern: '^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$',
type: 'string',
},
url: {
description: 'url defines the URL to send requests to.',
+ pattern: '^https?://.+$',
type: 'string',
},
},
@@ -4027,6 +4050,7 @@
properties: {
device: {
description: "device defines the name of a specific device to send the notification to.\nIf not specified, the notification is sent to all user's devices.",
+ minLength: 1,
type: 'string',
},
expire: {
@@ -4035,7 +4059,7 @@
type: 'string',
},
html: {
- description: 'html defines whether notification message is HTML or plain text.\nWhen true, the message can include HTML formatting tags.',
+ description: 'html defines whether notification message is HTML or plain text.\nWhen true, the message can include HTML formatting tags.\nhtml and monospace formatting are mutually exclusive.',
type: 'boolean',
},
httpConfig: {
@@ -4678,6 +4702,7 @@
},
message: {
description: 'message defines the notification message content.\nThis is the main body text of the Pushover notification.',
+ minLength: 1,
type: 'string',
},
monospace: {
@@ -4686,6 +4711,7 @@
},
priority: {
description: 'priority defines the notification priority level.\nSee https://pushover.net/api#priority for valid values and behavior.',
+ minLength: 1,
type: 'string',
},
retry: {
@@ -4699,10 +4725,12 @@
},
sound: {
description: "sound defines the name of one of the sounds supported by device clients.\nThis overrides the user's default sound choice for this notification.",
+ minLength: 1,
type: 'string',
},
title: {
description: 'title defines the notification title displayed in the Pushover message.\nThis appears as the bold header text in the notification.',
+ minLength: 1,
type: 'string',
},
token: {
@@ -4736,10 +4764,12 @@
},
url: {
description: 'url defines a supplementary URL shown alongside the message.\nThis creates a clickable link within the Pushover notification.',
+ pattern: '^https?://.+$',
type: 'string',
},
urlTitle: {
description: 'urlTitle defines a title for the supplementary URL.\nIf not specified, the raw URL is shown instead.',
+ minLength: 1,
type: 'string',
},
userKey: {
@@ -5597,10 +5627,12 @@
properties: {
dismissText: {
description: 'dismissText defines the label for the cancel button in the dialog.\nWhen not specified, defaults to "Cancel". This button cancels the action.',
+ minLength: 1,
type: 'string',
},
okText: {
description: 'okText defines the label for the confirmation button in the dialog.\nWhen not specified, defaults to "Okay". This button proceeds with the action.',
+ minLength: 1,
type: 'string',
},
text: {
@@ -5610,6 +5642,7 @@
},
title: {
description: 'title defines the title text displayed at the top of the confirmation dialog.\nWhen not specified, a default title will be used.',
+ minLength: 1,
type: 'string',
},
},
@@ -5620,10 +5653,12 @@
},
name: {
description: 'name defines a unique identifier for the action within the message.\nThis value is sent back to your application when the action is triggered.',
+ minLength: 1,
type: 'string',
},
style: {
description: 'style defines the visual appearance of the action element.\nValid values include "default", "primary" (green), and "danger" (red).',
+ minLength: 1,
type: 'string',
},
text: {
@@ -5638,10 +5673,12 @@
},
url: {
description: 'url defines the URL to open when the action is triggered.\nOnly applicable for button-type actions. When set, clicking the button opens this URL.',
+ pattern: '^https?://.+$',
type: 'string',
},
value: {
description: 'value defines the payload sent when the action is triggered.\nThis data is included in the callback sent to your application.',
+ minLength: 1,
type: 'string',
},
},
@@ -5651,7 +5688,9 @@
],
type: 'object',
},
+ minItems: 1,
type: 'array',
+ 'x-kubernetes-list-type': 'atomic',
},
apiURL: {
description: "apiURL defines the secret's key that contains the Slack webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.",
@@ -5675,18 +5714,22 @@
},
callbackId: {
description: 'callbackId defines an identifier for the message used in interactive components.',
+ minLength: 1,
type: 'string',
},
channel: {
description: 'channel defines the channel or user to send notifications to.',
+ minLength: 1,
type: 'string',
},
color: {
description: 'color defines the color of the left border of the Slack message attachment.\nCan be a hex color code (e.g., "#ff0000") or a predefined color name.',
+ minLength: 1,
type: 'string',
},
fallback: {
description: "fallback defines a plain-text summary of the attachment for clients that don't support attachments.",
+ minLength: 1,
type: 'string',
},
fields: {
@@ -5715,10 +5758,13 @@
],
type: 'object',
},
+ minItems: 1,
type: 'array',
+ 'x-kubernetes-list-type': 'atomic',
},
footer: {
description: 'footer defines small text displayed at the bottom of the message attachment.',
+ minLength: 1,
type: 'string',
},
httpConfig: {
@@ -6361,14 +6407,17 @@
},
iconEmoji: {
description: "iconEmoji defines the emoji to use as the bot's avatar (e.g., \":ghost:\").",
+ minLength: 1,
type: 'string',
},
iconURL: {
description: "iconURL defines the URL to an image to use as the bot's avatar.",
+ pattern: '^https?://.+$',
type: 'string',
},
imageURL: {
description: 'imageURL defines the URL to an image file that will be displayed inside the message attachment.',
+ pattern: '^https?://.+$',
type: 'string',
},
linkNames: {
@@ -6378,12 +6427,16 @@
mrkdwnIn: {
description: 'mrkdwnIn defines which fields should be parsed as Slack markdown.\nValid values include "pretext", "text", and "fields".',
items: {
+ minLength: 1,
type: 'string',
},
+ minItems: 1,
type: 'array',
+ 'x-kubernetes-list-type': 'atomic',
},
pretext: {
description: 'pretext defines optional text that appears above the message attachment block.',
+ minLength: 1,
type: 'string',
},
sendResolved: {
@@ -6396,22 +6449,32 @@
},
text: {
description: 'text defines the main text content of the Slack message attachment.',
+ minLength: 1,
type: 'string',
},
thumbURL: {
description: 'thumbURL defines the URL to an image file that will be displayed as a thumbnail\non the right side of the message attachment.',
+ pattern: '^https?://.+$',
+ type: 'string',
+ },
+ timeout: {
+ description: 'timeout defines the maximum time to wait for a webhook request to complete,\nbefore failing the request and allowing it to be retried.\nIt requires Alertmanager >= v0.30.0.',
+ pattern: '^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$',
type: 'string',
},
title: {
description: 'title defines the title text displayed in the Slack message attachment.',
+ minLength: 1,
type: 'string',
},
titleLink: {
description: 'titleLink defines the URL that the title will link to when clicked.',
+ pattern: '^https?://.+$',
type: 'string',
},
username: {
description: 'username defines the slack bot user name.',
+ minLength: 1,
type: 'string',
},
},
@@ -7177,6 +7240,7 @@
properties: {
apiURL: {
description: 'apiURL defines the Telegram API URL, e.g. https://api.telegram.org.\nIf not specified, the default Telegram API URL will be used.',
+ pattern: '^https?://.+$',
type: 'string',
},
botToken: {
@@ -7907,6 +7971,7 @@
},
apiUrl: {
description: 'apiUrl defines the VictorOps API URL.\nWhen not specified, defaults to the standard VictorOps API endpoint.',
+ pattern: '^https?://.+$',
type: 'string',
},
customFields: {
@@ -7931,9 +7996,11 @@
type: 'object',
},
type: 'array',
+ 'x-kubernetes-list-type': 'atomic',
},
entityDisplayName: {
description: 'entityDisplayName contains a summary of the alerted problem.\nThis appears as the main title or identifier for the incident.',
+ minLength: 1,
type: 'string',
},
httpConfig: {
@@ -8576,14 +8643,17 @@
},
messageType: {
description: 'messageType describes the behavior of the alert.\nValid values are "CRITICAL", "WARNING", and "INFO".',
+ minLength: 1,
type: 'string',
},
monitoringTool: {
description: 'monitoringTool defines the monitoring tool the state message is from.\nThis helps identify the source system that generated the alert.',
+ minLength: 1,
type: 'string',
},
routingKey: {
description: 'routingKey defines a key used to map the alert to a team.\nThis determines which VictorOps team will receive the alert notification.',
+ minLength: 1,
type: 'string',
},
sendResolved: {
@@ -8592,9 +8662,13 @@
},
stateMessage: {
description: 'stateMessage contains a long explanation of the alerted problem.\nThis provides detailed context about the incident.',
+ minLength: 1,
type: 'string',
},
},
+ required: [
+ 'routingKey',
+ ],
type: 'object',
},
type: 'array',
@@ -9928,6 +10002,7 @@
},
url: {
description: 'url defines the URL to send HTTP POST requests to.\nurlSecret takes precedence over url. One of urlSecret and url should be defined.',
+ pattern: '^https?://.+$',
type: 'string',
},
urlSecret: {
@@ -9986,6 +10061,7 @@
},
apiURL: {
description: 'apiURL defines the WeChat API URL.\nWhen not specified, defaults to the standard WeChat Work API endpoint.',
+ pattern: '^https?://.+$',
type: 'string',
},
corpID: {
@@ -10852,6 +10928,112 @@
},
type: 'object',
},
+ status: {
+ description: 'status defines the status subresource. It is under active development and is updated only when the\n"StatusForConfigurationResources" feature gate is enabled.\n\nMost recent observed status of the ServiceMonitor. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status',
+ properties: {
+ bindings: {
+ description: 'bindings defines the list of workload resources (Prometheus, PrometheusAgent, ThanosRuler or Alertmanager) which select the configuration resource.',
+ items: {
+ description: 'WorkloadBinding is a link between a configuration resource and a workload resource.',
+ properties: {
+ conditions: {
+ description: 'conditions defines the current state of the configuration resource when bound to the referenced Workload object.',
+ items: {
+ description: 'ConfigResourceCondition describes the status of configuration resources linked to Prometheus, PrometheusAgent, Alertmanager or ThanosRuler.',
+ properties: {
+ lastTransitionTime: {
+ description: 'lastTransitionTime defines the time of the last update to the current status property.',
+ format: 'date-time',
+ type: 'string',
+ },
+ message: {
+ description: "message defines the human-readable message indicating details for the condition's last transition.",
+ type: 'string',
+ },
+ observedGeneration: {
+ description: 'observedGeneration defines the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the object.',
+ format: 'int64',
+ type: 'integer',
+ },
+ reason: {
+ description: "reason for the condition's last transition.",
+ type: 'string',
+ },
+ status: {
+ description: 'status of the condition.',
+ minLength: 1,
+ type: 'string',
+ },
+ type: {
+ description: 'type of the condition being reported.\nCurrently, only "Accepted" is supported.',
+ enum: [
+ 'Accepted',
+ ],
+ minLength: 1,
+ type: 'string',
+ },
+ },
+ required: [
+ 'lastTransitionTime',
+ 'status',
+ 'type',
+ ],
+ type: 'object',
+ },
+ type: 'array',
+ 'x-kubernetes-list-map-keys': [
+ 'type',
+ ],
+ 'x-kubernetes-list-type': 'map',
+ },
+ group: {
+ description: 'group defines the group of the referenced resource.',
+ enum: [
+ 'monitoring.coreos.com',
+ ],
+ type: 'string',
+ },
+ name: {
+ description: 'name defines the name of the referenced object.',
+ minLength: 1,
+ type: 'string',
+ },
+ namespace: {
+ description: 'namespace defines the namespace of the referenced object.',
+ minLength: 1,
+ type: 'string',
+ },
+ resource: {
+ description: 'resource defines the type of resource being referenced (e.g. Prometheus, PrometheusAgent, ThanosRuler or Alertmanager).',
+ enum: [
+ 'prometheuses',
+ 'prometheusagents',
+ 'thanosrulers',
+ 'alertmanagers',
+ ],
+ type: 'string',
+ },
+ },
+ required: [
+ 'group',
+ 'name',
+ 'namespace',
+ 'resource',
+ ],
+ type: 'object',
+ },
+ type: 'array',
+ 'x-kubernetes-list-map-keys': [
+ 'group',
+ 'resource',
+ 'name',
+ 'namespace',
+ ],
+ 'x-kubernetes-list-type': 'map',
+ },
+ },
+ type: 'object',
+ },
},
required: [
'spec',
@@ -10861,5 +11043,8 @@
},
served: true,
storage: false,
+ subresources: {
+ status: {},
+ },
},
] } }
diff --git a/jsonnet/prometheus-operator/alertmanagers-crd.json b/jsonnet/prometheus-operator/alertmanagers-crd.json
index 4d33aac2f13..b2f83691158 100644
--- a/jsonnet/prometheus-operator/alertmanagers-crd.json
+++ b/jsonnet/prometheus-operator/alertmanagers-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "alertmanagers.monitoring.coreos.com"
},
@@ -2065,7 +2065,7 @@
"type": "object"
},
"webex": {
- "description": "webex defines the default configuration for Jira.",
+ "description": "webex defines the default configuration for Webex.",
"properties": {
"apiURL": {
"description": "apiURL defines the is the default Webex API URL.\n\nIt requires Alertmanager >= v0.25.0.",
@@ -5429,7 +5429,7 @@
"type": "string"
},
"minReadySeconds": {
- "description": "minReadySeconds defines the minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing for it to be considered available.\n\nIf unset, pods will be considered available as soon as they are ready.",
+ "description": "minReadySeconds defines the minimum number of seconds for which a newly\ncreated pod should be ready without any of its container crashing for it\nto be considered available.\n\nIf unset, pods will be considered available as soon as they are ready.\n\nWhen the Alertmanager version is greater than or equal to v0.30.0, the\nduration is also used to delay the first flush of the aggregation\ngroups. This delay helps ensuring that all alerts have been resent by\nthe Prometheus instances to Alertmanager after a roll-out. It is\npossible to override this behavior passing a custom value via\n`.spec.additionalArgs`.",
"format": "int32",
"minimum": 0,
"type": "integer"
@@ -5459,6 +5459,14 @@
},
"type": "object"
},
+ "podManagementPolicy": {
+ "description": "podManagementPolicy defines the policy for creating/deleting pods when\nscaling up and down.\n\nUnlike the default StatefulSet behavior, the default policy is\n`Parallel` to avoid manual intervention in case a pod gets stuck during\na rollout.\n\nNote that updating this value implies the recreation of the StatefulSet\nwhich incurs a service outage.",
+ "enum": [
+ "OrderedReady",
+ "Parallel"
+ ],
+ "type": "string"
+ },
"podMetadata": {
"description": "podMetadata defines labels and annotations which are propagated to the Alertmanager pods.\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\".",
"properties": {
@@ -6410,6 +6418,47 @@
},
"type": "array"
},
+ "updateStrategy": {
+ "description": "updateStrategy indicates the strategy that will be employed to update\nPods in the StatefulSet when a revision is made to statefulset's Pod\nTemplate.\n\nThe default strategy is RollingUpdate.",
+ "properties": {
+ "rollingUpdate": {
+ "description": "rollingUpdate is used to communicate parameters when type is RollingUpdate.",
+ "properties": {
+ "maxUnavailable": {
+ "anyOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "maxUnavailable is the maximum number of pods that can be unavailable\nduring the update. The value can be an absolute number (ex: 5) or a\npercentage of desired pods (ex: 10%). Absolute number is calculated from\npercentage by rounding up. This can not be 0. Defaults to 1. This field\nis alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the\nrange 0 to Replicas-1. That means if there is any unavailable pod in\nthe range 0 to Replicas-1, it will be counted towards MaxUnavailable.",
+ "x-kubernetes-int-or-string": true
+ }
+ },
+ "type": "object"
+ },
+ "type": {
+ "description": "type indicates the type of the StatefulSetUpdateStrategy.\n\nDefault is RollingUpdate.",
+ "enum": [
+ "OnDelete",
+ "RollingUpdate"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "object",
+ "x-kubernetes-validations": [
+ {
+ "message": "rollingUpdate requires type to be RollingUpdate",
+ "rule": "!(self.type != 'RollingUpdate' && has(self.rollingUpdate))"
+ }
+ ]
+ },
"version": {
"description": "version the cluster should be on.",
"type": "string"
diff --git a/jsonnet/prometheus-operator/podmonitors-crd.json b/jsonnet/prometheus-operator/podmonitors-crd.json
index 6473c801997..5e23edf3fc8 100644
--- a/jsonnet/prometheus-operator/podmonitors-crd.json
+++ b/jsonnet/prometheus-operator/podmonitors-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "podmonitors.monitoring.coreos.com"
},
@@ -1004,6 +1004,10 @@
"description": "scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.\n\nNotice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.",
"type": "boolean"
},
+ "scrapeNativeHistograms": {
+ "description": "scrapeNativeHistograms defines whether to enable scraping of native histograms.\nIt requires Prometheus >= v3.8.0.",
+ "type": "boolean"
+ },
"scrapeProtocols": {
"description": "scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.",
"items": {
diff --git a/jsonnet/prometheus-operator/probes-crd.json b/jsonnet/prometheus-operator/probes-crd.json
index 94c26ad5110..379a45112bd 100644
--- a/jsonnet/prometheus-operator/probes-crd.json
+++ b/jsonnet/prometheus-operator/probes-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "probes.monitoring.coreos.com"
},
@@ -45,7 +45,7 @@
"description": "spec defines the specification of desired Ingress selection for target discovery by Prometheus.",
"properties": {
"authorization": {
- "description": "authorization section for this endpoint",
+ "description": "authorization configures the Authorization header credentials used by\nthe client.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.",
"properties": {
"credentials": {
"description": "credentials defines a key of a Secret in the namespace that contains the credentials for authentication.",
@@ -78,7 +78,7 @@
"type": "object"
},
"basicAuth": {
- "description": "basicAuth allow an endpoint to authenticate over basic authentication.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoint",
+ "description": "basicAuth defines the Basic Authentication credentials used by the\nclient.\n\nCannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.",
"properties": {
"password": {
"description": "password defines a key of a Secret containing the password for\nauthentication.",
@@ -130,7 +130,7 @@
"type": "object"
},
"bearerTokenSecret": {
- "description": "bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the probe and accessible by\nthe Prometheus Operator.",
+ "description": "bearerTokenSecret defines a key of a Secret containing the bearer token\nused by the client for authentication. The secret needs to be in the\nsame namespace as the custom resource and readable by the Prometheus\nOperator.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.\n\nDeprecated: use `authorization` instead.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
@@ -156,6 +156,10 @@
"description": "convertClassicHistogramsToNHCB defines whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.",
"type": "boolean"
},
+ "enableHttp2": {
+ "description": "enableHttp2 can be used to disable HTTP2.",
+ "type": "boolean"
+ },
"fallbackScrapeProtocol": {
"description": "fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.",
"enum": [
@@ -167,6 +171,10 @@
],
"type": "string"
},
+ "followRedirects": {
+ "description": "followRedirects defines whether the client should follow HTTP 3xx\nredirects.",
+ "type": "boolean"
+ },
"interval": {
"description": "interval at which targets are probed using the configured prober.\nIf not specified Prometheus' global scrape interval is used.",
"pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$",
@@ -287,7 +295,7 @@
"x-kubernetes-int-or-string": true
},
"oauth2": {
- "description": "oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.",
+ "description": "oauth2 defines the OAuth2 settings used by the client.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.",
"properties": {
"clientId": {
"description": "clientId defines a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.",
@@ -715,6 +723,10 @@
"description": "scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.\n\nNotice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.",
"type": "boolean"
},
+ "scrapeNativeHistograms": {
+ "description": "scrapeNativeHistograms defines whether to enable scraping of native histograms.\nIt requires Prometheus >= v3.8.0.",
+ "type": "boolean"
+ },
"scrapeProtocols": {
"description": "scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.",
"items": {
@@ -972,7 +984,7 @@
"type": "object"
},
"tlsConfig": {
- "description": "tlsConfig defines the TLS configuration to use when scraping the endpoint.",
+ "description": "tlsConfig defines the TLS configuration used by the client.",
"properties": {
"ca": {
"description": "ca defines the Certificate authority used when verifying server certificates.",
diff --git a/jsonnet/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/prometheus-operator/prometheus-operator.libsonnet
index 46d2adb6bb1..3dece63ef10 100644
--- a/jsonnet/prometheus-operator/prometheus-operator.libsonnet
+++ b/jsonnet/prometheus-operator/prometheus-operator.libsonnet
@@ -197,6 +197,8 @@ function(params) {
args: [
'--kubelet-service=' + po.config.kubeletService,
'--prometheus-config-reloader=' + po.config.configReloaderImage,
+ '--watch-referenced-objects-in-all-namespaces=true',
+ '--disable-unmanaged-prometheus-configuration=true',
] +
[std.format('--kubelet-endpoints=%s', po.config.kubeletEndpointsEnabled)] +
[std.format('--kubelet-endpointslice=%s', po.config.kubeletEndpointSliceEnabled)] +
diff --git a/jsonnet/prometheus-operator/prometheusagents-crd.json b/jsonnet/prometheus-operator/prometheusagents-crd.json
index 15bd6947784..b6cc7e9804a 100644
--- a/jsonnet/prometheus-operator/prometheusagents-crd.json
+++ b/jsonnet/prometheus-operator/prometheusagents-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "prometheusagents.monitoring.coreos.com"
},
@@ -4330,6 +4330,14 @@
},
"type": "object"
},
+ "podManagementPolicy": {
+ "description": "podManagementPolicy defines the policy for creating/deleting pods when\nscaling up and down.\n\nUnlike the default StatefulSet behavior, the default policy is\n`Parallel` to avoid manual intervention in case a pod gets stuck during\na rollout.\n\nNote that updating this value implies the recreation of the StatefulSet\nwhich incurs a service outage.",
+ "enum": [
+ "OrderedReady",
+ "Parallel"
+ ],
+ "type": "string"
+ },
"podMetadata": {
"description": "podMetadata defines labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".",
"properties": {
@@ -4617,7 +4625,7 @@
"type": "string"
},
"managedIdentity": {
- "description": "managedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth` or `sdk`.",
+ "description": "managedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.",
"properties": {
"clientId": {
"description": "clientId defines the Azure User-assigned Managed identity.\n\nFor Prometheus >= 3.5.0 and Thanos >= 0.40.0, this field is allowed to be empty to support system-assigned managed identities.",
@@ -4628,7 +4636,7 @@
"type": "object"
},
"oauth": {
- "description": "oauth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.",
+ "description": "oauth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.",
"properties": {
"clientId": {
"description": "clientId defines the clientId of the Azure Active Directory application that is being used to authenticate.",
@@ -4672,8 +4680,13 @@
],
"type": "object"
},
+ "scope": {
+ "description": "scope is the custom OAuth 2.0 scope to request when acquiring tokens.\nIt requires Prometheus >= 3.9.0. Currently not supported by Thanos.",
+ "pattern": "^[\\w\\s:/.\\\\-]+$",
+ "type": "string"
+ },
"sdk": {
- "description": "sdk defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.",
+ "description": "sdk defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.",
"properties": {
"tenantId": {
"description": "tenantId defines the tenant ID of the azure active directory application that is being used to authenticate.",
@@ -4682,6 +4695,26 @@
}
},
"type": "object"
+ },
+ "workloadIdentity": {
+ "description": "workloadIdentity defines the Azure Workload Identity authentication.\nCannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.\n\nIt requires Prometheus >= 3.7.0. Currently not supported by Thanos.",
+ "properties": {
+ "clientId": {
+ "description": "clientId is the clientID of the Azure Active Directory application.",
+ "minLength": 1,
+ "type": "string"
+ },
+ "tenantId": {
+ "description": "tenantId is the tenant ID of the Azure Active Directory application.",
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "clientId",
+ "tenantId"
+ ],
+ "type": "object"
}
},
"type": "object"
@@ -6140,6 +6173,10 @@
"pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$",
"type": "string"
},
+ "scrapeNativeHistograms": {
+ "description": "scrapeNativeHistograms defines whether to enable scraping of native histograms.\nIt requires Prometheus >= v3.8.0.",
+ "type": "boolean"
+ },
"scrapeProtocols": {
"description": "scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0.",
"items": {
@@ -7113,17 +7150,20 @@
"description": "tracingConfig defines tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.",
"properties": {
"clientType": {
- "description": "clientType defines the client used to export the traces. Supported values are `http` or `grpc`.",
+ "description": "clientType defines the client used to export the traces. Supported values are `HTTP` and `GRPC`.",
"enum": [
"http",
- "grpc"
+ "grpc",
+ "HTTP",
+ "GRPC"
],
"type": "string"
},
"compression": {
- "description": "compression key for supported compression types. The only supported value is `gzip`.",
+ "description": "compression key for supported compression types. The only supported value is `Gzip`.",
"enum": [
- "gzip"
+ "gzip",
+ "Gzip"
],
"type": "string"
},
@@ -7351,6 +7391,47 @@
},
"type": "object"
},
+ "updateStrategy": {
+ "description": "updateStrategy indicates the strategy that will be employed to update\nPods in the StatefulSet when a revision is made to statefulset's Pod\nTemplate.\n\nThe default strategy is RollingUpdate.",
+ "properties": {
+ "rollingUpdate": {
+ "description": "rollingUpdate is used to communicate parameters when type is RollingUpdate.",
+ "properties": {
+ "maxUnavailable": {
+ "anyOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "maxUnavailable is the maximum number of pods that can be unavailable\nduring the update. The value can be an absolute number (ex: 5) or a\npercentage of desired pods (ex: 10%). Absolute number is calculated from\npercentage by rounding up. This can not be 0. Defaults to 1. This field\nis alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the\nrange 0 to Replicas-1. That means if there is any unavailable pod in\nthe range 0 to Replicas-1, it will be counted towards MaxUnavailable.",
+ "x-kubernetes-int-or-string": true
+ }
+ },
+ "type": "object"
+ },
+ "type": {
+ "description": "type indicates the type of the StatefulSetUpdateStrategy.\n\nDefault is RollingUpdate.",
+ "enum": [
+ "OnDelete",
+ "RollingUpdate"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "object",
+ "x-kubernetes-validations": [
+ {
+ "message": "rollingUpdate requires type to be RollingUpdate",
+ "rule": "!(self.type != 'RollingUpdate' && has(self.rollingUpdate))"
+ }
+ ]
+ },
"version": {
"description": "version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.",
"type": "string"
@@ -9126,6 +9207,26 @@
{
"message": "probeSelector cannot be set when mode is DaemonSet",
"rule": "!(has(self.mode) && self.mode == 'DaemonSet' && has(self.probeSelector))"
+ },
+ {
+ "message": "scrapeConfigNamespaceSelector cannot be set when mode is DaemonSet",
+ "rule": "!(has(self.mode) && self.mode == 'DaemonSet' && has(self.scrapeConfigNamespaceSelector))"
+ },
+ {
+ "message": "probeNamespaceSelector cannot be set when mode is DaemonSet",
+ "rule": "!(has(self.mode) && self.mode == 'DaemonSet' && has(self.probeNamespaceSelector))"
+ },
+ {
+ "message": "serviceMonitorSelector cannot be set when mode is DaemonSet",
+ "rule": "!(has(self.mode) && self.mode == 'DaemonSet' && has(self.serviceMonitorSelector))"
+ },
+ {
+ "message": "serviceMonitorNamespaceSelector cannot be set when mode is DaemonSet",
+ "rule": "!(has(self.mode) && self.mode == 'DaemonSet' && has(self.serviceMonitorNamespaceSelector))"
+ },
+ {
+ "message": "additionalScrapeConfigs cannot be set when mode is DaemonSet",
+ "rule": "!(has(self.mode) && self.mode == 'DaemonSet' && has(self.additionalScrapeConfigs))"
}
]
},
diff --git a/jsonnet/prometheus-operator/prometheuses-crd.json b/jsonnet/prometheus-operator/prometheuses-crd.json
index 20269972d18..b5c15e3aa46 100644
--- a/jsonnet/prometheus-operator/prometheuses-crd.json
+++ b/jsonnet/prometheus-operator/prometheuses-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "prometheuses.monitoring.coreos.com"
},
@@ -4990,6 +4990,14 @@
},
"type": "object"
},
+ "podManagementPolicy": {
+ "description": "podManagementPolicy defines the policy for creating/deleting pods when\nscaling up and down.\n\nUnlike the default StatefulSet behavior, the default policy is\n`Parallel` to avoid manual intervention in case a pod gets stuck during\na rollout.\n\nNote that updating this value implies the recreation of the StatefulSet\nwhich incurs a service outage.",
+ "enum": [
+ "OrderedReady",
+ "Parallel"
+ ],
+ "type": "string"
+ },
"podMetadata": {
"description": "podMetadata defines labels and annotations which are propagated to the Prometheus pods.\n\nThe following items are reserved and cannot be overridden:\n* \"prometheus\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/instance\" label, set to the name of the Prometheus object.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"prometheus\".\n* \"app.kubernetes.io/version\" label, set to the Prometheus version.\n* \"operator.prometheus.io/name\" label, set to the name of the Prometheus object.\n* \"operator.prometheus.io/shard\" label, set to the shard number of the Prometheus object.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"prometheus\".",
"properties": {
@@ -6005,7 +6013,7 @@
"type": "string"
},
"managedIdentity": {
- "description": "managedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth` or `sdk`.",
+ "description": "managedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.",
"properties": {
"clientId": {
"description": "clientId defines the Azure User-assigned Managed identity.\n\nFor Prometheus >= 3.5.0 and Thanos >= 0.40.0, this field is allowed to be empty to support system-assigned managed identities.",
@@ -6016,7 +6024,7 @@
"type": "object"
},
"oauth": {
- "description": "oauth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.",
+ "description": "oauth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.",
"properties": {
"clientId": {
"description": "clientId defines the clientId of the Azure Active Directory application that is being used to authenticate.",
@@ -6060,8 +6068,13 @@
],
"type": "object"
},
+ "scope": {
+ "description": "scope is the custom OAuth 2.0 scope to request when acquiring tokens.\nIt requires Prometheus >= 3.9.0. Currently not supported by Thanos.",
+ "pattern": "^[\\w\\s:/.\\\\-]+$",
+ "type": "string"
+ },
"sdk": {
- "description": "sdk defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.",
+ "description": "sdk defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.",
"properties": {
"tenantId": {
"description": "tenantId defines the tenant ID of the azure active directory application that is being used to authenticate.",
@@ -6070,6 +6083,26 @@
}
},
"type": "object"
+ },
+ "workloadIdentity": {
+ "description": "workloadIdentity defines the Azure Workload Identity authentication.\nCannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.\n\nIt requires Prometheus >= 3.7.0. Currently not supported by Thanos.",
+ "properties": {
+ "clientId": {
+ "description": "clientId is the clientID of the Azure Active Directory application.",
+ "minLength": 1,
+ "type": "string"
+ },
+ "tenantId": {
+ "description": "tenantId is the tenant ID of the Azure Active Directory application.",
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "clientId",
+ "tenantId"
+ ],
+ "type": "object"
}
},
"type": "object"
@@ -7657,6 +7690,10 @@
"pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$",
"type": "string"
},
+ "scrapeNativeHistograms": {
+ "description": "scrapeNativeHistograms defines whether to enable scraping of native histograms.\nIt requires Prometheus >= v3.8.0.",
+ "type": "boolean"
+ },
"scrapeProtocols": {
"description": "scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0.",
"items": {
@@ -9103,17 +9140,20 @@
"description": "tracingConfig defines tracing in Prometheus.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.",
"properties": {
"clientType": {
- "description": "clientType defines the client used to export the traces. Supported values are `http` or `grpc`.",
+ "description": "clientType defines the client used to export the traces. Supported values are `HTTP` and `GRPC`.",
"enum": [
"http",
- "grpc"
+ "grpc",
+ "HTTP",
+ "GRPC"
],
"type": "string"
},
"compression": {
- "description": "compression key for supported compression types. The only supported value is `gzip`.",
+ "description": "compression key for supported compression types. The only supported value is `Gzip`.",
"enum": [
- "gzip"
+ "gzip",
+ "Gzip"
],
"type": "string"
},
@@ -9341,6 +9381,47 @@
},
"type": "object"
},
+ "updateStrategy": {
+ "description": "updateStrategy indicates the strategy that will be employed to update\nPods in the StatefulSet when a revision is made to statefulset's Pod\nTemplate.\n\nThe default strategy is RollingUpdate.",
+ "properties": {
+ "rollingUpdate": {
+ "description": "rollingUpdate is used to communicate parameters when type is RollingUpdate.",
+ "properties": {
+ "maxUnavailable": {
+ "anyOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "maxUnavailable is the maximum number of pods that can be unavailable\nduring the update. The value can be an absolute number (ex: 5) or a\npercentage of desired pods (ex: 10%). Absolute number is calculated from\npercentage by rounding up. This can not be 0. Defaults to 1. This field\nis alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the\nrange 0 to Replicas-1. That means if there is any unavailable pod in\nthe range 0 to Replicas-1, it will be counted towards MaxUnavailable.",
+ "x-kubernetes-int-or-string": true
+ }
+ },
+ "type": "object"
+ },
+ "type": {
+ "description": "type indicates the type of the StatefulSetUpdateStrategy.\n\nDefault is RollingUpdate.",
+ "enum": [
+ "OnDelete",
+ "RollingUpdate"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "object",
+ "x-kubernetes-validations": [
+ {
+ "message": "rollingUpdate requires type to be RollingUpdate",
+ "rule": "!(self.type != 'RollingUpdate' && has(self.rollingUpdate))"
+ }
+ ]
+ },
"version": {
"description": "version of Prometheus being deployed. The operator uses this information\nto generate the Prometheus StatefulSet + configuration files.\n\nIf not specified, the operator assumes the latest upstream version of\nPrometheus available at the time when the version of the operator was\nreleased.",
"type": "string"
diff --git a/jsonnet/prometheus-operator/prometheusrules-crd.json b/jsonnet/prometheus-operator/prometheusrules-crd.json
index dcced716fad..6a9f4f5237a 100644
--- a/jsonnet/prometheus-operator/prometheusrules-crd.json
+++ b/jsonnet/prometheus-operator/prometheusrules-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "prometheusrules.monitoring.coreos.com"
},
diff --git a/jsonnet/prometheus-operator/scrapeconfigs-crd.json b/jsonnet/prometheus-operator/scrapeconfigs-crd.json
index 69955b19531..71c712b9442 100644
--- a/jsonnet/prometheus-operator/scrapeconfigs-crd.json
+++ b/jsonnet/prometheus-operator/scrapeconfigs-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "scrapeconfigs.monitoring.coreos.com"
},
@@ -11668,6 +11668,10 @@
"pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$",
"type": "string"
},
+ "scrapeNativeHistograms": {
+ "description": "scrapeNativeHistograms defines whether to enable scraping of native histograms.\nIt requires Prometheus >= v3.8.0.",
+ "type": "boolean"
+ },
"scrapeProtocols": {
"description": "scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.",
"items": {
diff --git a/jsonnet/prometheus-operator/servicemonitors-crd.json b/jsonnet/prometheus-operator/servicemonitors-crd.json
index 60abe73e087..b7e85bba305 100644
--- a/jsonnet/prometheus-operator/servicemonitors-crd.json
+++ b/jsonnet/prometheus-operator/servicemonitors-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "servicemonitors.monitoring.coreos.com"
},
@@ -69,7 +69,7 @@
"description": "Endpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.",
"properties": {
"authorization": {
- "description": "authorization configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.",
+ "description": "authorization configures the Authorization header credentials used by\nthe client.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenSecret` or `oauth2`.",
"properties": {
"credentials": {
"description": "credentials defines a key of a Secret in the namespace that contains the credentials for authentication.",
@@ -102,7 +102,7 @@
"type": "object"
},
"basicAuth": {
- "description": "basicAuth defines the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.",
+ "description": "basicAuth defines the Basic Authentication credentials used by the\nclient.\n\nCannot be set at the same time as `authorization`, `bearerTokenSecret` or `oauth2`.",
"properties": {
"password": {
"description": "password defines a key of a Secret containing the password for\nauthentication.",
@@ -158,7 +158,7 @@
"type": "string"
},
"bearerTokenSecret": {
- "description": "bearerTokenSecret defines a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the ServiceMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.",
+ "description": "bearerTokenSecret defines a key of a Secret containing the bearer token\nused by the client for authentication. The secret needs to be in the\nsame namespace as the custom resource and readable by the Prometheus\nOperator.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `oauth2`.\n\nDeprecated: use `authorization` instead.",
"properties": {
"key": {
"description": "The key of the secret to select from. Must be a valid secret key.",
@@ -181,7 +181,7 @@
"x-kubernetes-map-type": "atomic"
},
"enableHttp2": {
- "description": "enableHttp2 can be used to disable HTTP2 when scraping the target.",
+ "description": "enableHttp2 can be used to disable HTTP2.",
"type": "boolean"
},
"filterRunning": {
@@ -189,7 +189,7 @@
"type": "boolean"
},
"followRedirects": {
- "description": "followRedirects defines whether the scrape requests should follow HTTP\n3xx redirects.",
+ "description": "followRedirects defines whether the client should follow HTTP 3xx\nredirects.",
"type": "boolean"
},
"honorLabels": {
@@ -278,7 +278,7 @@
"type": "string"
},
"oauth2": {
- "description": "oauth2 defines the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.",
+ "description": "oauth2 defines the OAuth2 settings used by the client.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, `basicAuth` or `bearerTokenSecret`.",
"properties": {
"clientId": {
"description": "clientId defines a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.",
@@ -741,7 +741,7 @@
"x-kubernetes-int-or-string": true
},
"tlsConfig": {
- "description": "tlsConfig defines the TLS configuration to use when scraping the target.",
+ "description": "tlsConfig defines TLS configuration used by the client.",
"properties": {
"ca": {
"description": "ca defines the Certificate authority used when verifying server certificates.",
@@ -1013,6 +1013,10 @@
"description": "scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.\n\nNotice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.",
"type": "boolean"
},
+ "scrapeNativeHistograms": {
+ "description": "scrapeNativeHistograms defines whether to enable scraping of native histograms.\nIt requires Prometheus >= v3.8.0.",
+ "type": "boolean"
+ },
"scrapeProtocols": {
"description": "scrapeProtocols defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.",
"items": {
diff --git a/jsonnet/prometheus-operator/thanosrulers-crd.json b/jsonnet/prometheus-operator/thanosrulers-crd.json
index 8f6b0eeccc5..4eeeca0dad2 100644
--- a/jsonnet/prometheus-operator/thanosrulers-crd.json
+++ b/jsonnet/prometheus-operator/thanosrulers-crd.json
@@ -4,7 +4,7 @@
"metadata": {
"annotations": {
"controller-gen.kubebuilder.io/version": "v0.19.0",
- "operator.prometheus.io/version": "0.87.1"
+ "operator.prometheus.io/version": "0.88.0"
},
"name": "thanosrulers.monitoring.coreos.com"
},
@@ -4047,6 +4047,14 @@
"description": "paused defines when a ThanosRuler deployment is paused, no actions except for deletion\nwill be performed on the underlying objects.",
"type": "boolean"
},
+ "podManagementPolicy": {
+ "description": "podManagementPolicy defines the policy for creating/deleting pods when\nscaling up and down.\n\nUnlike the default StatefulSet behavior, the default policy is\n`Parallel` to avoid manual intervention in case a pod gets stuck during\na rollout.\n\nNote that updating this value implies the recreation of the StatefulSet\nwhich incurs a service outage.",
+ "enum": [
+ "OrderedReady",
+ "Parallel"
+ ],
+ "type": "string"
+ },
"podMetadata": {
"description": "podMetadata defines labels and annotations which are propagated to the ThanosRuler pods.\n\nThe following items are reserved and cannot be overridden:\n* \"app.kubernetes.io/name\" label, set to \"thanos-ruler\".\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/instance\" label, set to the name of the ThanosRuler instance.\n* \"thanos-ruler\" label, set to the name of the ThanosRuler instance.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"thanos-ruler\".",
"properties": {
@@ -4187,7 +4195,7 @@
"type": "string"
},
"managedIdentity": {
- "description": "managedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth` or `sdk`.",
+ "description": "managedIdentity defines the Azure User-assigned Managed identity.\nCannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.",
"properties": {
"clientId": {
"description": "clientId defines the Azure User-assigned Managed identity.\n\nFor Prometheus >= 3.5.0 and Thanos >= 0.40.0, this field is allowed to be empty to support system-assigned managed identities.",
@@ -4198,7 +4206,7 @@
"type": "object"
},
"oauth": {
- "description": "oauth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity` or `sdk`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.",
+ "description": "oauth defines the oauth config that is being used to authenticate.\nCannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.\n\nIt requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.",
"properties": {
"clientId": {
"description": "clientId defines the clientId of the Azure Active Directory application that is being used to authenticate.",
@@ -4242,8 +4250,13 @@
],
"type": "object"
},
+ "scope": {
+ "description": "scope is the custom OAuth 2.0 scope to request when acquiring tokens.\nIt requires Prometheus >= 3.9.0. Currently not supported by Thanos.",
+ "pattern": "^[\\w\\s:/.\\\\-]+$",
+ "type": "string"
+ },
"sdk": {
- "description": "sdk defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth` or `managedIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.",
+ "description": "sdk defines the Azure SDK config that is being used to authenticate.\nSee https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication\nCannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.\n\nIt requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.",
"properties": {
"tenantId": {
"description": "tenantId defines the tenant ID of the azure active directory application that is being used to authenticate.",
@@ -4252,6 +4265,26 @@
}
},
"type": "object"
+ },
+ "workloadIdentity": {
+ "description": "workloadIdentity defines the Azure Workload Identity authentication.\nCannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.\n\nIt requires Prometheus >= 3.7.0. Currently not supported by Thanos.",
+ "properties": {
+ "clientId": {
+ "description": "clientId is the clientID of the Azure Active Directory application.",
+ "minLength": 1,
+ "type": "string"
+ },
+ "tenantId": {
+ "description": "tenantId is the tenant ID of the Azure Active Directory application.",
+ "minLength": 1,
+ "type": "string"
+ }
+ },
+ "required": [
+ "clientId",
+ "tenantId"
+ ],
+ "type": "object"
}
},
"type": "object"
@@ -6153,6 +6186,47 @@
"description": "tracingConfigFile defines the path of the tracing configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `tracingConfig`.",
"type": "string"
},
+ "updateStrategy": {
+ "description": "updateStrategy indicates the strategy that will be employed to update\nPods in the StatefulSet when a revision is made to statefulset's Pod\nTemplate.\n\nThe default strategy is RollingUpdate.",
+ "properties": {
+ "rollingUpdate": {
+ "description": "rollingUpdate is used to communicate parameters when type is RollingUpdate.",
+ "properties": {
+ "maxUnavailable": {
+ "anyOf": [
+ {
+ "type": "integer"
+ },
+ {
+ "type": "string"
+ }
+ ],
+ "description": "maxUnavailable is the maximum number of pods that can be unavailable\nduring the update. The value can be an absolute number (ex: 5) or a\npercentage of desired pods (ex: 10%). Absolute number is calculated from\npercentage by rounding up. This can not be 0. Defaults to 1. This field\nis alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the\nrange 0 to Replicas-1. That means if there is any unavailable pod in\nthe range 0 to Replicas-1, it will be counted towards MaxUnavailable.",
+ "x-kubernetes-int-or-string": true
+ }
+ },
+ "type": "object"
+ },
+ "type": {
+ "description": "type indicates the type of the StatefulSetUpdateStrategy.\n\nDefault is RollingUpdate.",
+ "enum": [
+ "OnDelete",
+ "RollingUpdate"
+ ],
+ "type": "string"
+ }
+ },
+ "required": [
+ "type"
+ ],
+ "type": "object",
+ "x-kubernetes-validations": [
+ {
+ "message": "rollingUpdate requires type to be RollingUpdate",
+ "rule": "!(self.type != 'RollingUpdate' && has(self.rollingUpdate))"
+ }
+ ]
+ },
"version": {
"description": "version of Thanos to be deployed.",
"type": "string"
diff --git a/pkg/alertmanager/amcfg.go b/pkg/alertmanager/amcfg.go
index ef087526d0c..f68046cb436 100644
--- a/pkg/alertmanager/amcfg.go
+++ b/pkg/alertmanager/amcfg.go
@@ -282,7 +282,7 @@ func (cb *ConfigBuilder) initializeFromAlertmanagerConfig(ctx context.Context, g
return err
}
- if err := validationv1.ValidateAlertmanagerGlobalConfig(globalConfig); err != nil {
+ if err := cb.checkAlertmanagerGlobalConfigResource(ctx, globalConfig, crKey.Namespace); err != nil {
return err
}
@@ -434,17 +434,17 @@ func (cb *ConfigBuilder) convertGlobalConfig(ctx context.Context, in *monitoring
}
}
- if in.HTTPConfig != nil {
+ if in.HTTPConfigWithProxy != nil {
v1alpha1Config := monitoringv1alpha1.HTTPConfig{
- Authorization: in.HTTPConfig.Authorization,
- BasicAuth: in.HTTPConfig.BasicAuth,
- OAuth2: in.HTTPConfig.OAuth2,
+ Authorization: in.HTTPConfigWithProxy.Authorization,
+ BasicAuth: in.HTTPConfigWithProxy.BasicAuth,
+ OAuth2: in.HTTPConfigWithProxy.OAuth2,
//nolint:staticcheck // Ignore SA1019 this field is marked as deprecated.
- BearerTokenSecret: in.HTTPConfig.BearerTokenSecret,
- TLSConfig: in.HTTPConfig.TLSConfig,
- ProxyConfig: in.HTTPConfig.ProxyConfig,
- FollowRedirects: in.HTTPConfig.FollowRedirects,
- EnableHTTP2: in.HTTPConfig.EnableHTTP2,
+ BearerTokenSecret: in.HTTPConfigWithProxy.BearerTokenSecret,
+ TLSConfig: in.HTTPConfigWithProxy.TLSConfig,
+ ProxyConfig: in.HTTPConfigWithProxy.ProxyConfig,
+ FollowRedirects: in.HTTPConfigWithProxy.FollowRedirects,
+ EnableHTTP2: in.HTTPConfigWithProxy.EnableHTTP2,
}
httpConfig, err := cb.convertHTTPConfig(ctx, &v1alpha1Config, crKey)
@@ -828,7 +828,7 @@ func (cb *ConfigBuilder) convertWebhookConfig(ctx context.Context, in monitoring
}
out.URL = url
} else if in.URL != nil {
- url, err := validation.ValidateURL(*in.URL)
+ url, err := validation.ValidateURL(string(*in.URL))
if err != nil {
return nil, err
}
@@ -901,22 +901,18 @@ func (cb *ConfigBuilder) convertDiscordConfig(ctx context.Context, in monitoring
func (cb *ConfigBuilder) convertSlackConfig(ctx context.Context, in monitoringv1alpha1.SlackConfig, crKey types.NamespacedName) (*slackConfig, error) {
out := &slackConfig{
VSendResolved: in.SendResolved,
- Channel: in.Channel,
- Username: in.Username,
- Color: in.Color,
- Title: in.Title,
- TitleLink: in.TitleLink,
- Pretext: in.Pretext,
- Text: in.Text,
- ShortFields: in.ShortFields,
- Footer: in.Footer,
- Fallback: in.Fallback,
- CallbackID: in.CallbackID,
- IconEmoji: in.IconEmoji,
- IconURL: in.IconURL,
- ImageURL: in.ImageURL,
- ThumbURL: in.ThumbURL,
- LinkNames: in.LinkNames,
+ Channel: ptr.Deref(in.Channel, ""),
+ Username: ptr.Deref(in.Username, ""),
+ Color: ptr.Deref(in.Color, ""),
+ Title: ptr.Deref(in.Title, ""),
+ Pretext: ptr.Deref(in.Pretext, ""),
+ Text: ptr.Deref(in.Text, ""),
+ ShortFields: ptr.Deref(in.ShortFields, false),
+ Footer: ptr.Deref(in.Footer, ""),
+ Fallback: ptr.Deref(in.Fallback, ""),
+ CallbackID: ptr.Deref(in.CallbackID, ""),
+ IconEmoji: ptr.Deref(in.IconEmoji, ""),
+ LinkNames: ptr.Deref(in.LinkNames, false),
MrkdwnIn: in.MrkdwnIn,
}
@@ -928,6 +924,19 @@ func (cb *ConfigBuilder) convertSlackConfig(ctx context.Context, in monitoringv1
out.APIURL = url
}
+ if ptr.Deref(in.TitleLink, "") != "" {
+ out.TitleLink = string(*in.TitleLink)
+ }
+ if ptr.Deref(in.IconURL, "") != "" {
+ out.TitleLink = string(*in.IconURL)
+ }
+ if ptr.Deref(in.ImageURL, "") != "" {
+ out.TitleLink = string(*in.ImageURL)
+ }
+ if ptr.Deref(in.ThumbURL, "") != "" {
+ out.TitleLink = string(*in.ThumbURL)
+ }
+
var actions []slackAction
if l := len(in.Actions); l > 0 {
actions = make([]slackAction, l)
@@ -935,18 +944,21 @@ func (cb *ConfigBuilder) convertSlackConfig(ctx context.Context, in monitoringv1
action := slackAction{
Type: a.Type,
Text: a.Text,
- URL: a.URL,
- Style: a.Style,
- Name: a.Name,
- Value: a.Value,
+ Style: ptr.Deref(a.Style, ""),
+ Name: ptr.Deref(a.Name, ""),
+ Value: ptr.Deref(a.Value, ""),
+ }
+
+ if ptr.Deref(a.URL, "") != "" {
+ action.URL = string(*a.URL)
}
if a.ConfirmField != nil {
action.ConfirmField = &slackConfirmationField{
Text: a.ConfirmField.Text,
- Title: a.ConfirmField.Title,
- OkText: a.ConfirmField.OkText,
- DismissText: a.ConfirmField.DismissText,
+ Title: ptr.Deref(a.ConfirmField.Title, ""),
+ OkText: ptr.Deref(a.ConfirmField.OkText, ""),
+ DismissText: ptr.Deref(a.ConfirmField.DismissText, ""),
}
}
@@ -977,20 +989,36 @@ func (cb *ConfigBuilder) convertSlackConfig(ctx context.Context, in monitoringv1
}
out.HTTPConfig = httpConfig
+ if in.Timeout != nil {
+ if *in.Timeout != "" {
+ timeout, err := model.ParseDuration(string(*in.Timeout))
+ if err != nil {
+ return nil, err
+ }
+ out.Timeout = &timeout
+ }
+ }
+
return out, nil
}
func (cb *ConfigBuilder) convertPagerdutyConfig(ctx context.Context, in monitoringv1alpha1.PagerDutyConfig, crKey types.NamespacedName) (*pagerdutyConfig, error) {
out := &pagerdutyConfig{
VSendResolved: in.SendResolved,
- Class: in.Class,
- Client: in.Client,
- ClientURL: in.ClientURL,
- Component: in.Component,
- Description: in.Description,
- Group: in.Group,
- Severity: in.Severity,
- URL: in.URL,
+ Class: ptr.Deref(in.Class, ""),
+ Client: ptr.Deref(in.Client, ""),
+ Component: ptr.Deref(in.Component, ""),
+ Description: ptr.Deref(in.Description, ""),
+ Group: ptr.Deref(in.Group, ""),
+ Severity: ptr.Deref(in.Severity, ""),
+ }
+
+ if in.URL != nil {
+ out.URL = string(*in.URL)
+ }
+
+ if in.ClientURL != nil {
+ out.ClientURL = string(*in.ClientURL)
}
if in.RoutingKey != nil {
@@ -1023,8 +1051,10 @@ func (cb *ConfigBuilder) convertPagerdutyConfig(ctx context.Context, in monitori
linkConfigs = make([]pagerdutyLink, l)
for i, lc := range in.PagerDutyLinkConfigs {
linkConfigs[i] = pagerdutyLink{
- Href: lc.Href,
- Text: lc.Text,
+ Text: ptr.Deref(lc.Text, ""),
+ }
+ if lc.Href != nil {
+ linkConfigs[i].Href = string(*lc.Href)
}
}
}
@@ -1035,9 +1065,11 @@ func (cb *ConfigBuilder) convertPagerdutyConfig(ctx context.Context, in monitori
imageConfig = make([]pagerdutyImage, l)
for i, ic := range in.PagerDutyImageConfigs {
imageConfig[i] = pagerdutyImage{
- Src: ic.Src,
- Alt: ic.Alt,
- Href: ic.Href,
+ Src: ptr.Deref(ic.Src, ""),
+ Alt: ptr.Deref(ic.Alt, ""),
+ }
+ if ic.Href != nil {
+ imageConfig[i].Href = string(*ic.Href)
}
}
}
@@ -1053,13 +1085,22 @@ func (cb *ConfigBuilder) convertPagerdutyConfig(ctx context.Context, in monitori
out.Source = *in.Source
}
+ if in.Timeout != nil {
+ if *in.Timeout != "" {
+ timeout, err := model.ParseDuration(string(*in.Timeout))
+ if err != nil {
+ return nil, err
+ }
+ out.Timeout = &timeout
+ }
+ }
+
return out, nil
}
func (cb *ConfigBuilder) convertOpsgenieConfig(ctx context.Context, in monitoringv1alpha1.OpsGenieConfig, crKey types.NamespacedName) (*opsgenieConfig, error) {
out := &opsgenieConfig{
VSendResolved: in.SendResolved,
- APIURL: in.APIURL,
Message: in.Message,
Description: in.Description,
Source: in.Source,
@@ -1071,6 +1112,10 @@ func (cb *ConfigBuilder) convertOpsgenieConfig(ctx context.Context, in monitorin
UpdateAlerts: in.UpdateAlerts,
}
+ if in.APIURL != nil {
+ out.APIURL = string(*in.APIURL)
+ }
+
if in.APIKey != nil {
apiKey, err := cb.store.GetSecretKey(ctx, crKey.Namespace, *in.APIKey)
if err != nil {
@@ -1115,7 +1160,6 @@ func (cb *ConfigBuilder) convertOpsgenieConfig(ctx context.Context, in monitorin
func (cb *ConfigBuilder) convertWeChatConfig(ctx context.Context, in monitoringv1alpha1.WeChatConfig, crKey types.NamespacedName) (*weChatConfig, error) {
out := &weChatConfig{
VSendResolved: in.SendResolved,
- APIURL: in.APIURL,
CorpID: in.CorpID,
AgentID: in.AgentID,
ToUser: in.ToUser,
@@ -1125,6 +1169,10 @@ func (cb *ConfigBuilder) convertWeChatConfig(ctx context.Context, in monitoringv
MessageType: in.MessageType,
}
+ if in.APIURL != nil {
+ out.APIURL = string(*in.APIURL)
+ }
+
if in.APISecret != nil {
apiSecret, err := cb.store.GetSecretKey(ctx, crKey.Namespace, *in.APISecret)
if err != nil {
@@ -1228,12 +1276,11 @@ func (cb *ConfigBuilder) convertEmailConfig(ctx context.Context, in monitoringv1
func (cb *ConfigBuilder) convertVictorOpsConfig(ctx context.Context, in monitoringv1alpha1.VictorOpsConfig, crKey types.NamespacedName) (*victorOpsConfig, error) {
out := &victorOpsConfig{
VSendResolved: in.SendResolved,
- APIURL: in.APIURL,
RoutingKey: in.RoutingKey,
- MessageType: in.MessageType,
- EntityDisplayName: in.EntityDisplayName,
- StateMessage: in.StateMessage,
- MonitoringTool: in.MonitoringTool,
+ MessageType: ptr.Deref(in.MessageType, ""),
+ EntityDisplayName: ptr.Deref(in.EntityDisplayName, ""),
+ StateMessage: ptr.Deref(in.StateMessage, ""),
+ MonitoringTool: ptr.Deref(in.MonitoringTool, ""),
}
if in.APIKey != nil {
@@ -1244,6 +1291,10 @@ func (cb *ConfigBuilder) convertVictorOpsConfig(ctx context.Context, in monitori
out.APIKey = apiKey
}
+ if in.APIURL != nil {
+ out.APIURL = string(*in.APIURL)
+ }
+
var customFields map[string]string
if l := len(in.CustomFields); l > 0 {
// from https://github.com/prometheus/alertmanager/blob/a7f9fdadbecbb7e692d2cd8d3334e3d6de1602e1/config/notifiers.go#L497
@@ -1278,15 +1329,18 @@ func (cb *ConfigBuilder) convertVictorOpsConfig(ctx context.Context, in monitori
func (cb *ConfigBuilder) convertPushoverConfig(ctx context.Context, in monitoringv1alpha1.PushoverConfig, crKey types.NamespacedName) (*pushoverConfig, error) {
out := &pushoverConfig{
VSendResolved: in.SendResolved,
- Title: in.Title,
- Message: in.Message,
- URL: in.URL,
- URLTitle: in.URLTitle,
- Priority: in.Priority,
+ Title: ptr.Deref(in.Title, ""),
+ Message: ptr.Deref(in.Message, ""),
+ URLTitle: ptr.Deref(in.URLTitle, ""),
+ Priority: ptr.Deref(in.Priority, ""),
HTML: in.HTML,
Monospace: in.Monospace,
}
+ if ptr.Deref(in.URL, "") != "" {
+ out.URL = string(*in.URL)
+ }
+
if in.TTL != nil {
out.TTL = string(*in.TTL)
}
@@ -1318,16 +1372,16 @@ func (cb *ConfigBuilder) convertPushoverConfig(ctx context.Context, in monitorin
}
{
- if in.Retry != "" {
- retry, err := model.ParseDuration(in.Retry)
+ if ptr.Deref(in.Retry, "") != "" {
+ retry, err := model.ParseDuration(*in.Retry)
if err != nil {
return nil, fmt.Errorf("parse resolve retry: %w", err)
}
out.Retry = &retry
}
- if in.Expire != "" {
- expire, err := model.ParseDuration(in.Expire)
+ if ptr.Deref(in.Expire, "") != "" {
+ expire, err := model.ParseDuration(*in.Expire)
if err != nil {
return nil, fmt.Errorf("parse resolve expire: %w", err)
}
@@ -1347,13 +1401,16 @@ func (cb *ConfigBuilder) convertPushoverConfig(ctx context.Context, in monitorin
func (cb *ConfigBuilder) convertTelegramConfig(ctx context.Context, in monitoringv1alpha1.TelegramConfig, crKey types.NamespacedName) (*telegramConfig, error) {
out := &telegramConfig{
VSendResolved: in.SendResolved,
- APIUrl: in.APIURL,
ChatID: in.ChatID,
Message: in.Message,
DisableNotifications: false,
ParseMode: in.ParseMode,
}
+ if in.APIURL != nil {
+ out.APIUrl = string(*in.APIURL)
+ }
+
httpConfig, err := cb.convertHTTPConfig(ctx, in.HTTPConfig, crKey)
if err != nil {
return nil, err
@@ -2058,6 +2115,36 @@ func (gc *globalConfig) sanitize(amVersion semver.Version, logger *slog.Logger)
}
}
+ if gc.SlackAppToken != "" && amVersion.LT(semver.MustParse("0.30.0")) {
+ msg := "'slack_app_token' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ gc.SlackAppToken = ""
+ }
+
+ if gc.SlackAppTokenFile != "" && amVersion.LT(semver.MustParse("0.30.0")) {
+ msg := "'slack_app_token_file' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ gc.SlackAppTokenFile = ""
+ }
+
+ if gc.SlackAppURL != nil && amVersion.LT(semver.MustParse("0.30.0")) {
+ msg := "'slack_app_url' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ gc.SlackAppURL = nil
+ }
+
+ if gc.SlackAppToken != "" && gc.SlackAppTokenFile != "" {
+ msg := "'slack_app_token' and 'slack_app_token_file' are mutually exclusive - 'slack_app_token' has taken precedence"
+ logger.Warn(msg)
+ gc.SlackAppTokenFile = ""
+ }
+
+ if (gc.SlackAppToken != "" || gc.SlackAppTokenFile != "") && (gc.SlackAPIURL != nil || gc.SlackAPIURLFile != "") {
+ if gc.SlackAPIURL != nil && gc.SlackAppURL != nil && gc.SlackAPIURL.String() != gc.SlackAppURL.String() {
+ return fmt.Errorf("at most one of slack_app_token/slack_app_token_file & slack_api_url/slack_api_url_file must be configured (unless slack_api_url matches slack_app_url)")
+ }
+ }
+
if gc.OpsGenieAPIKeyFile != "" && amVersion.LT(semver.MustParse("0.24.0")) {
msg := "'opsgenie_api_key_file' supported in Alertmanager >= 0.24.0 only - dropping field from provided config"
logger.Warn(msg, "current_version", amVersion.String())
@@ -2337,6 +2424,19 @@ func (r *receiver) sanitize(amVersion semver.Version, logger *slog.Logger) error
return err
}
}
+
+ for _, conf := range r.MattermostConfigs {
+ if err := conf.sanitize(amVersion, withLogger); err != nil {
+ return err
+ }
+ }
+
+ for _, conf := range r.IncidentioConfigs {
+ if err := conf.sanitize(amVersion, withLogger); err != nil {
+ return err
+ }
+ }
+
return nil
}
@@ -2411,6 +2511,7 @@ func (ops *opsgenieResponder) sanitize(amVersion semver.Version) error {
func (pdc *pagerdutyConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error {
lessThanV0_25 := amVersion.LT(semver.MustParse("0.25.0"))
+ lessThanV0_30 := amVersion.LT(semver.MustParse("0.30.0"))
if pdc.Source != "" && lessThanV0_25 {
msg := "'source' supported in Alertmanager >= 0.25.0 only - dropping field from provided config"
@@ -2442,6 +2543,12 @@ func (pdc *pagerdutyConfig) sanitize(amVersion semver.Version, logger *slog.Logg
pdc.RoutingKeyFile = ""
}
+ if pdc.Timeout != nil && lessThanV0_30 {
+ msg := "'timeout' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ pdc.Timeout = nil
+ }
+
return pdc.HTTPConfig.sanitize(amVersion, logger)
}
@@ -2504,14 +2611,56 @@ func (poc *pushoverConfig) sanitize(amVersion semver.Version, logger *slog.Logge
return errors.New("either monospace or html must be configured")
}
+ if poc.URL != "" {
+ if _, err := validation.ValidateURL(poc.URL); err != nil {
+ return fmt.Errorf("invalid 'url': %w", err)
+ }
+ }
+
return poc.HTTPConfig.sanitize(amVersion, logger)
}
func (sc *slackConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error {
+ lessThanV0_30 := amVersion.LT(semver.MustParse("0.30.0"))
+
if err := sc.HTTPConfig.sanitize(amVersion, logger); err != nil {
return err
}
+ if sc.Timeout != nil && lessThanV0_30 {
+ msg := "'timeout' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ sc.Timeout = nil
+ }
+
+ if sc.AppToken != "" && lessThanV0_30 {
+ msg := "'app_token' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ sc.AppToken = ""
+ }
+
+ if sc.AppTokenFile != "" && lessThanV0_30 {
+ msg := "'app_token_file' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ sc.AppTokenFile = ""
+ }
+
+ if sc.AppURL != "" && lessThanV0_30 {
+ msg := "'app_url' supported in Alertmanager >= 0.30.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ sc.AppURL = ""
+ }
+
+ if sc.AppToken != "" && sc.AppTokenFile != "" {
+ msg := "'app_token' and 'app_token_file' are mutually exclusive for slack receiver config - 'app_token' has taken precedence"
+ logger.Warn(msg)
+ sc.AppTokenFile = ""
+ }
+
+ if (sc.AppToken != "" || sc.AppTokenFile != "") && (sc.APIURL != "" || sc.APIURLFile != "") {
+ return fmt.Errorf("at most one of app_token/app_token_file & api_url/api_url_file must be configured")
+ }
+
if sc.APIURLFile == "" {
return nil
}
@@ -2576,6 +2725,12 @@ func (whc *webhookConfig) sanitize(amVersion semver.Version, logger *slog.Logger
whc.Timeout = nil
}
+ if whc.URL != "" {
+ if _, err := validation.ValidateURL(whc.URL); err != nil {
+ return fmt.Errorf("invalid 'url': %w", err)
+ }
+ }
+
return nil
}
@@ -2588,6 +2743,10 @@ func (tc *msTeamsConfig) sanitize(amVersion semver.Version, logger *slog.Logger)
return fmt.Errorf("mandatory field %q is empty", "webhook_url")
}
+ if _, err := validation.ValidateURL(tc.WebhookURL); err != nil {
+ return fmt.Errorf("invalid 'webhook_url': %w", err)
+ }
+
if tc.Summary != "" && amVersion.LT(semver.MustParse("0.27.0")) {
msg := "'summary' supported in Alertmanager >= 0.27.0 only - dropping field `summary` from msteams config"
logger.Warn(msg, "current_version", amVersion.String())
@@ -2656,6 +2815,12 @@ func (tc *telegramConfig) sanitize(amVersion semver.Version, logger *slog.Logger
tc.MessageThreadID = 0
}
+ if tc.APIUrl != "" {
+ if _, err := validation.ValidateURL(tc.APIUrl); err != nil {
+ return fmt.Errorf("invalid 'api_url': %w", err)
+ }
+ }
+
return tc.HTTPConfig.sanitize(amVersion, logger)
}
@@ -2714,6 +2879,19 @@ func (jc *jiraConfig) sanitize(amVersion semver.Version, logger *slog.Logger) er
return errors.New("missing issue_type in jira_config")
}
+ apiTypeAllowed := amVersion.GTE(semver.MustParse("0.29.0"))
+ if jc.APIType != "" {
+ if !apiTypeAllowed {
+ msg := "'api_type' supported in Alertmanager >= 0.29.0 only - dropping field from provided config"
+ logger.Warn(msg, "current_version", amVersion.String())
+ jc.APIType = ""
+ } else {
+ if jc.APIType != "auto" && jc.APIType != "cloud" && jc.APIType != "datacenter" {
+ return fmt.Errorf("invalid 'api_type': a value must be 'auto', 'cloud' or 'datacenter'")
+ }
+ }
+ }
+
return jc.HTTPConfig.sanitize(amVersion, logger)
}
@@ -2733,6 +2911,60 @@ func (rc *rocketChatConfig) sanitize(amVersion semver.Version, logger *slog.Logg
return rc.HTTPConfig.sanitize(amVersion, logger)
}
+func (mc *mattermostConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error {
+ mattermostAllowed := amVersion.GTE(semver.MustParse("0.30.0"))
+ if !mattermostAllowed {
+ return fmt.Errorf(`invalid syntax in receivers config; mattermost integration is available in Alertmanager >= 0.30.0`)
+ }
+
+ if mc.WebhookURL == "" && mc.WebhookURLFile == "" {
+ return fmt.Errorf(`one of 'webhook_url' or 'webhook_url_file' must be configured`)
+ }
+
+ if mc.WebhookURL != "" && mc.WebhookURLFile != "" {
+ msg := "'webhook_url' and 'webhook_url_file' are mutually exclusive for mattermost receiver config - 'webhook_url' has taken precedence"
+ logger.Warn(msg)
+ mc.WebhookURLFile = ""
+ }
+
+ return mc.HTTPConfig.sanitize(amVersion, logger)
+}
+
+func (ic *incidentioConfig) sanitize(amVersion semver.Version, logger *slog.Logger) error {
+ incidentioAllowed := amVersion.GTE(semver.MustParse("0.29.0"))
+ if !incidentioAllowed {
+ return fmt.Errorf("invalid syntax in receivers config; incident.io integration is available in Alertmanager >= 0.29.0")
+ }
+
+ if ic.URL == "" && ic.URLFile == "" {
+ return errors.New("one of url or url_file must be configured")
+ }
+
+ if ic.URL != "" && ic.URLFile != "" {
+ return errors.New("at most one of url & url_file must be configured")
+ }
+
+ if ic.URL != "" {
+ if _, err := validation.ValidateURL(ic.URL); err != nil {
+ return fmt.Errorf("invalid url: %w", err)
+ }
+ }
+
+ if ic.AlertSourceToken != "" && ic.AlertSourceTokenFile != "" {
+ return errors.New("at most one of alert_source_token & alert_source_token_file must be configured")
+ }
+
+ if ic.HTTPConfig != nil && ic.HTTPConfig.Authorization != nil && (ic.AlertSourceToken != "" || ic.AlertSourceTokenFile != "") {
+ return errors.New("cannot specify alert_source_token or alert_source_token_file when using http_config.authorization")
+ }
+
+ if ic.AlertSourceToken == "" && ic.AlertSourceTokenFile == "" && (ic.HTTPConfig == nil || ic.HTTPConfig.Authorization == nil) {
+ return errors.New("at least one of alert_source_token, alert_source_token_file or http_config.authorization must be configured")
+ }
+
+ return ic.HTTPConfig.sanitize(amVersion, logger)
+}
+
func (ir *inhibitRule) sanitize(amVersion semver.Version, logger *slog.Logger) error {
matchersV2Allowed := amVersion.GTE(semver.MustParse("0.22.0"))
@@ -2894,3 +3126,45 @@ func checkIsV2Matcher(in ...[]monitoringv1alpha1.Matcher) bool {
}
return false
}
+
+func (cb *ConfigBuilder) checkAlertmanagerGlobalConfigResource(
+ ctx context.Context,
+ gc *monitoringv1.AlertmanagerGlobalConfig,
+ namespace string,
+) error {
+ if gc == nil {
+ return nil
+ }
+
+ // Perform semantic validation irrespective of the Alertmanager version.
+ if err := validationv1.ValidateAlertmanagerGlobalConfig(gc); err != nil {
+ return err
+ }
+
+ // Perform more specific validations which depend on the Alertmanager
+ // version. It also retrieves data from referenced secrets and configmaps
+ // (and fails in case of missing/invalid references).
+ if err := cb.checkGlobalWeChatConfig(ctx, gc.WeChatConfig, namespace); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (cb *ConfigBuilder) checkGlobalWeChatConfig(
+ ctx context.Context,
+ wc *monitoringv1.GlobalWeChatConfig,
+ namespace string,
+) error {
+ if wc == nil {
+ return nil
+ }
+
+ if wc.APISecret != nil {
+ if _, err := cb.store.GetSecretKey(ctx, namespace, *wc.APISecret); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
diff --git a/pkg/alertmanager/amcfg_test.go b/pkg/alertmanager/amcfg_test.go
index 36d98e43399..5c663b72110 100644
--- a/pkg/alertmanager/amcfg_test.go
+++ b/pkg/alertmanager/amcfg_test.go
@@ -146,29 +146,33 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
},
},
ResolveTimeout: "30s",
- HTTPConfig: &monitoringv1.HTTPConfig{
- OAuth2: &monitoringv1.OAuth2{
- ClientID: monitoringv1.SecretOrConfigMap{
- ConfigMap: &corev1.ConfigMapKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-id",
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ OAuth2: &monitoringv1.OAuth2{
+ ClientID: monitoringv1.SecretOrConfigMap{
+ ConfigMap: &corev1.ConfigMapKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-id",
+ },
+ Key: "test",
+ },
+ },
+ ClientSecret: corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-secret",
+ },
+ Key: "test",
+ },
+ TokenURL: "https://test.com",
+ Scopes: []string{"any"},
+ EndpointParams: map[string]string{
+ "some": "value",
},
- Key: "test",
- },
- },
- ClientSecret: corev1.SecretKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-secret",
},
- Key: "test",
- },
- TokenURL: "https://test.com",
- Scopes: []string{"any"},
- EndpointParams: map[string]string{
- "some": "value",
+ FollowRedirects: ptr.To(true),
},
},
- FollowRedirects: ptr.To(true),
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -204,18 +208,22 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
name: "valid global config with global HTTPConfig CA",
amVersion: &version28,
globalConfig: &monitoringv1.AlertmanagerGlobalConfig{
- HTTPConfig: &monitoringv1.HTTPConfig{
- TLSConfig: &monitoringv1.SafeTLSConfig{
- CA: monitoringv1.SecretOrConfigMap{
- ConfigMap: &corev1.ConfigMapKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "proxy-ca-certificate",
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ FollowRedirects: ptr.To(true),
+ },
+ TLSConfig: &monitoringv1.SafeTLSConfig{
+ CA: monitoringv1.SecretOrConfigMap{
+ ConfigMap: &corev1.ConfigMapKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "proxy-ca-certificate",
+ },
+ Key: "certificate",
},
- Key: "certificate",
},
},
},
- FollowRedirects: ptr.To(true),
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -622,8 +630,12 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
{
name: "globalConfig has null resolve timeout",
globalConfig: &monitoringv1.AlertmanagerGlobalConfig{
- HTTPConfig: &monitoringv1.HTTPConfig{
- FollowRedirects: ptr.To(true),
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ FollowRedirects: ptr.To(true),
+ },
+ },
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -650,7 +662,12 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
{
name: "globalConfig httpconfig/proxyconfig has null secretKey for proxyConnectHeader",
globalConfig: &monitoringv1.AlertmanagerGlobalConfig{
- HTTPConfig: &monitoringv1.HTTPConfig{
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ FollowRedirects: ptr.To(true),
+ },
+ },
ProxyConfig: monitoringv1.ProxyConfig{
ProxyURL: ptr.To("http://example.com"),
NoProxy: ptr.To("svc.cluster.local"),
@@ -665,7 +682,6 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
},
},
},
- FollowRedirects: ptr.To(true),
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -693,7 +709,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
name: "valid globalConfig httpconfig/proxyconfig/proxyConnectHeader with amVersion24",
amVersion: &version24,
globalConfig: &monitoringv1.AlertmanagerGlobalConfig{
- HTTPConfig: &monitoringv1.HTTPConfig{
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
ProxyConfig: monitoringv1.ProxyConfig{
ProxyURL: ptr.To("http://example.com"),
NoProxy: ptr.To("svc.cluster.local"),
@@ -708,7 +724,11 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
},
},
},
- FollowRedirects: ptr.To(true),
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ FollowRedirects: ptr.To(true),
+ },
+ },
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -736,7 +756,7 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
name: "valid globalConfig httpconfig/proxyconfig/proxyConnectHeader with amVersion26",
amVersion: &version26,
globalConfig: &monitoringv1.AlertmanagerGlobalConfig{
- HTTPConfig: &monitoringv1.HTTPConfig{
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
ProxyConfig: monitoringv1.ProxyConfig{
ProxyURL: ptr.To("http://example.com"),
NoProxy: ptr.To("svc.cluster.local"),
@@ -751,7 +771,11 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
},
},
},
- FollowRedirects: ptr.To(true),
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ FollowRedirects: ptr.To(true),
+ },
+ },
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -907,29 +931,33 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
},
},
ResolveTimeout: "30s",
- HTTPConfig: &monitoringv1.HTTPConfig{
- OAuth2: &monitoringv1.OAuth2{
- ClientID: monitoringv1.SecretOrConfigMap{
- ConfigMap: &corev1.ConfigMapKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-id",
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ OAuth2: &monitoringv1.OAuth2{
+ ClientID: monitoringv1.SecretOrConfigMap{
+ ConfigMap: &corev1.ConfigMapKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-id",
+ },
+ Key: "test",
+ },
+ },
+ ClientSecret: corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-secret",
+ },
+ Key: "test",
+ },
+ TokenURL: "https://test.com",
+ Scopes: []string{"any"},
+ EndpointParams: map[string]string{
+ "some": "value",
},
- Key: "test",
- },
- },
- ClientSecret: corev1.SecretKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-secret",
},
- Key: "test",
- },
- TokenURL: "https://test.com",
- Scopes: []string{"any"},
- EndpointParams: map[string]string{
- "some": "value",
+ FollowRedirects: ptr.To(true),
},
},
- FollowRedirects: ptr.To(true),
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -1805,43 +1833,47 @@ func TestInitializeFromAlertmanagerConfig(t *testing.T) {
amVersion: &version28,
globalConfig: &monitoringv1.AlertmanagerGlobalConfig{
ResolveTimeout: "30s",
- HTTPConfig: &monitoringv1.HTTPConfig{
- OAuth2: &monitoringv1.OAuth2{
- ClientID: monitoringv1.SecretOrConfigMap{
- ConfigMap: &corev1.ConfigMapKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-id",
+ HTTPConfigWithProxy: &monitoringv1.HTTPConfigWithProxy{
+ HTTPConfig: monitoringv1.HTTPConfig{
+ HTTPConfigWithoutTLS: monitoringv1.HTTPConfigWithoutTLS{
+ OAuth2: &monitoringv1.OAuth2{
+ ClientID: monitoringv1.SecretOrConfigMap{
+ ConfigMap: &corev1.ConfigMapKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-id",
+ },
+ Key: "test",
+ },
+ },
+ ClientSecret: corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-secret",
+ },
+ Key: "test",
+ },
+ TokenURL: "https://test.com",
+ Scopes: []string{"any"},
+ EndpointParams: map[string]string{
+ "some": "value",
},
- Key: "test",
- },
- },
- ClientSecret: corev1.SecretKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-secret",
- },
- Key: "test",
- },
- TokenURL: "https://test.com",
- Scopes: []string{"any"},
- EndpointParams: map[string]string{
- "some": "value",
- },
- },
- BasicAuth: &monitoringv1.BasicAuth{
- Username: corev1.SecretKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-secret",
},
- Key: "test",
- },
- Password: corev1.SecretKeySelector{
- LocalObjectReference: corev1.LocalObjectReference{
- Name: "webhook-client-secret",
+ BasicAuth: &monitoringv1.BasicAuth{
+ Username: corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-secret",
+ },
+ Key: "test",
+ },
+ Password: corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "webhook-client-secret",
+ },
+ Key: "test",
+ },
},
- Key: "test",
+ FollowRedirects: ptr.To(true),
},
},
- FollowRedirects: ptr.To(true),
},
},
amConfig: &monitoringv1alpha1.AlertmanagerConfig{
@@ -2633,15 +2665,15 @@ func TestGenerateConfig(t *testing.T) {
},
PagerDutyImageConfigs: []monitoringv1alpha1.PagerDutyImageConfig{
{
- Src: "https://some-image.com",
- Href: "https://some-image.com",
- Alt: "some-image",
+ Src: ptr.To("https://some-image.com"),
+ Href: ptr.To(monitoringv1alpha1.URL("https://some-image.com")),
+ Alt: ptr.To("some-image"),
},
},
PagerDutyLinkConfigs: []monitoringv1alpha1.PagerDutyLinkConfig{
{
- Href: "https://some-link.com",
- Text: "some-link",
+ Href: ptr.To(monitoringv1alpha1.URL("https://some-link.com")),
+ Text: ptr.To("some-link"),
},
},
}},
@@ -2692,7 +2724,7 @@ func TestGenerateConfig(t *testing.T) {
Receivers: []monitoringv1alpha1.Receiver{{
Name: "test",
WebhookConfigs: []monitoringv1alpha1.WebhookConfig{{
- URL: ptr.To("http://test.url"),
+ URL: ptr.To(monitoringv1alpha1.URL("http://test.url")),
HTTPConfig: &monitoringv1alpha1.HTTPConfig{
OAuth2: &monitoringv1.OAuth2{
ClientID: monitoringv1.SecretOrConfigMap{
@@ -2818,6 +2850,52 @@ func TestGenerateConfig(t *testing.T) {
},
golden: "CR_with_Opsgenie_Team_Responder.golden",
},
+ {
+ name: "CR with Opsgenie Receiver",
+ kclient: fake.NewSimpleClientset(
+ &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "am-og-test-receiver",
+ Namespace: "mynamespace",
+ },
+ Data: map[string][]byte{
+ "apiKey": []byte("1234abc"),
+ },
+ },
+ ),
+ baseConfig: alertmanagerConfig{
+ Route: &route{
+ Receiver: "null",
+ },
+ Receivers: []*receiver{{Name: "null"}},
+ },
+ amConfigs: map[string]*monitoringv1alpha1.AlertmanagerConfig{
+ "mynamespace": {
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "myamc",
+ Namespace: "mynamespace",
+ },
+ Spec: monitoringv1alpha1.AlertmanagerConfigSpec{
+ Route: &monitoringv1alpha1.Route{
+ Receiver: "test",
+ },
+ Receivers: []monitoringv1alpha1.Receiver{{
+ Name: "test",
+ OpsGenieConfigs: []monitoringv1alpha1.OpsGenieConfig{{
+ APIKey: &corev1.SecretKeySelector{
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: "am-og-test-receiver",
+ },
+ Key: "apiKey",
+ },
+ APIURL: ptr.To(monitoringv1alpha1.URL("https://example.com/")),
+ }},
+ }},
+ },
+ },
+ },
+ golden: "CR_with_Opsgenie_Receiver_Valid_APIURL.golden",
+ },
{
name: "CR with WeChat Receiver",
kclient: fake.NewSimpleClientset(
@@ -2917,8 +2995,8 @@ func TestGenerateConfig(t *testing.T) {
},
Key: "token",
},
- Retry: "5m",
- Expire: "30s",
+ Retry: ptr.To("5m"),
+ Expire: ptr.To("30s"),
HTML: ptr.To(true),
}},
}},
@@ -2960,7 +3038,7 @@ func TestGenerateConfig(t *testing.T) {
Receivers: []monitoringv1alpha1.Receiver{{
Name: "test",
TelegramConfigs: []monitoringv1alpha1.TelegramConfig{{
- APIURL: "https://api.telegram.org",
+ APIURL: ptr.To(monitoringv1alpha1.URL("https://api.telegram.org")),
BotToken: &corev1.SecretKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: "am-telegram-test-receiver",
@@ -3005,7 +3083,7 @@ func TestGenerateConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
ConfirmField: &monitoringv1alpha1.SlackConfirmationField{
Text: "text",
},
@@ -3053,7 +3131,7 @@ func TestGenerateConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
ConfirmField: &monitoringv1alpha1.SlackConfirmationField{
Text: "text",
},
@@ -3238,7 +3316,7 @@ func TestGenerateConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
ConfirmField: &monitoringv1alpha1.SlackConfirmationField{
Text: "text",
},
@@ -3319,7 +3397,7 @@ func TestGenerateConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
ConfirmField: &monitoringv1alpha1.SlackConfirmationField{
Text: "text",
},
@@ -3771,7 +3849,7 @@ func TestGenerateConfig(t *testing.T) {
Name: "test",
WebhookConfigs: []monitoringv1alpha1.WebhookConfig{
{
- URL: ptr.To("https://example.com/"),
+ URL: ptr.To(monitoringv1alpha1.URL("https://example.com/")),
Timeout: ptr.To(monitoringv1.Duration("5s")),
},
},
@@ -3807,7 +3885,7 @@ func TestGenerateConfig(t *testing.T) {
Name: "test",
WebhookConfigs: []monitoringv1alpha1.WebhookConfig{
{
- URL: ptr.To("https://example.com/"),
+ URL: ptr.To(monitoringv1alpha1.URL("https://example.com/")),
Timeout: ptr.To(monitoringv1.Duration("5s")),
},
},
@@ -3893,6 +3971,15 @@ func TestSanitizeConfig(t *testing.T) {
versionSMTPTLSConfigAllowed := semver.Version{Major: 0, Minor: 28}
versionSMTPTLSConfigNotAllowed := semver.Version{Major: 0, Minor: 27}
+ versionMattermostConfigAllowed := semver.Version{Major: 0, Minor: 30}
+ versionMattermostConfigNotAllowed := semver.Version{Major: 0, Minor: 29}
+
+ versionTimeoutConfigAllowed := semver.Version{Major: 0, Minor: 30}
+ versionTimeoutConfigNotAllowed := semver.Version{Major: 0, Minor: 29}
+
+ versionSlackAppConfigAllowed := semver.Version{Major: 0, Minor: 30}
+ versionSlackAppConfigNotAllowed := semver.Version{Major: 0, Minor: 29}
+
for _, tc := range []struct {
name string
againstVersion semver.Version
@@ -4002,6 +4089,38 @@ func TestSanitizeConfig(t *testing.T) {
},
golden: "test_slack_config_happy_path.golden",
},
+ {
+ name: "Test timeout is dropped in slack config for unsupported versions",
+ againstVersion: versionTimeoutConfigNotAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ SlackConfigs: []*slackConfig{
+ {
+ Timeout: ptr.To(model.Duration(time.Minute)),
+ },
+ },
+ },
+ },
+ },
+ golden: "test_slack_timeout_is_dropped_in_slack_config_for_unsupported_versions.golden",
+ },
+ {
+ name: "Test timeout is added in slack config for supported versions",
+ againstVersion: versionTimeoutConfigAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ SlackConfigs: []*slackConfig{
+ {
+ Timeout: ptr.To(model.Duration(time.Minute)),
+ },
+ },
+ },
+ },
+ },
+ golden: "test_slack_timeout_is_added_in_slack_config_for_supported_versions.golden",
+ },
{
name: "Test inhibit rules error with unsupported syntax",
againstVersion: matcherV2SyntaxNotAllowed,
@@ -4553,6 +4672,207 @@ func TestSanitizeConfig(t *testing.T) {
},
golden: "summary_add_in_supported_versions_for_MSTeams_config.golden",
},
+ {
+ name: "Test config version mattermost allowed",
+ againstVersion: versionMattermostConfigAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ MattermostConfigs: []*mattermostConfig{
+ {
+ WebhookURL: "www.test.com",
+ Text: "test text",
+ },
+ },
+ },
+ },
+ },
+ golden: "test_config_version_mattermost_allowed.golden",
+ },
+ {
+ name: "Test drop config version mattermost not allowed",
+ againstVersion: versionMattermostConfigNotAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ MattermostConfigs: []*mattermostConfig{
+ {
+ WebhookURL: "www.test.com",
+ Text: "test text",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "Test webhook_url takes precedence in mattermost config",
+ againstVersion: versionMattermostConfigAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ MattermostConfigs: []*mattermostConfig{
+ {
+ WebhookURL: "www.test.com",
+ WebhookURLFile: "/test",
+ Text: "test text",
+ },
+ },
+ },
+ },
+ },
+ golden: "test_webhook_url_takes_precedence_in_mattermost_config.golden",
+ },
+ {
+ name: "Test timeout is dropped in pagerduty config for unsupported versions",
+ againstVersion: versionTimeoutConfigNotAllowed,
+
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ PagerdutyConfigs: []*pagerdutyConfig{
+ {
+ Timeout: ptr.To(model.Duration(time.Minute)),
+ },
+ },
+ },
+ },
+ },
+ golden: "test_pagerduty_timeout_is_dropped_in_pagerduty_config_for_unsupported_versions.golden",
+ },
+ {
+ name: "Test timeout is added in pagerduty config for supported versions",
+ againstVersion: versionTimeoutConfigAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ PagerdutyConfigs: []*pagerdutyConfig{
+ {
+ Timeout: ptr.To(model.Duration(time.Minute)),
+ },
+ },
+ },
+ },
+ },
+ golden: "test_pagerduty_timeout_is_added_in_pagerduty_config_for_supported_versions.golden",
+ },
+ {
+ name: "Test slack_app_token is dropped for unsupported versions",
+ againstVersion: versionSlackAppConfigNotAllowed,
+ in: &alertmanagerConfig{
+ Global: &globalConfig{
+ SlackAppToken: "xoxb-token",
+ SlackAppURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "slack.com",
+ Path: "/api/chat.postMessage",
+ },
+ },
+ },
+ },
+ golden: "test_slack_app_token_is_dropped_for_unsupported_versions.golden",
+ },
+ {
+ name: "Test slack_app_url is dropped for unsupported versions",
+ againstVersion: versionSlackAppConfigNotAllowed,
+ in: &alertmanagerConfig{
+ Global: &globalConfig{
+ SlackAppURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "slack.com",
+ Path: "/api/chat.postMessage",
+ },
+ },
+ },
+ },
+ golden: "test_slack_app_url_is_dropped_for_unsupported_versions.golden",
+ },
+ {
+ name: "Test slack_app_token and slack_app_url preserved for supported versions",
+ againstVersion: versionSlackAppConfigAllowed,
+ in: &alertmanagerConfig{
+ Global: &globalConfig{
+ SlackAppToken: "xoxb-token",
+ SlackAppURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "slack.com",
+ Path: "/api/chat.postMessage",
+ },
+ },
+ },
+ },
+ golden: "test_slack_app_token_and_slack_app_url_preserved_for_supported_versions.golden",
+ },
+ {
+ name: "Test slack_app_token takes precedence over slack_app_token_file",
+ againstVersion: versionSlackAppConfigAllowed,
+ in: &alertmanagerConfig{
+ Global: &globalConfig{
+ SlackAppToken: "xoxb-token",
+ SlackAppTokenFile: "/var/secrets/token",
+ SlackAppURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "slack.com",
+ Path: "/api/chat.postMessage",
+ },
+ },
+ },
+ },
+ golden: "test_slack_app_token_takes_precedence_over_slack_app_token_file.golden",
+ },
+ {
+ name: "Test slack_app_token and slack_api_url both configured with different URLs fails",
+ againstVersion: versionSlackAppConfigAllowed,
+ in: &alertmanagerConfig{
+ Global: &globalConfig{
+ SlackAPIURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "hooks.slack.com",
+ Path: "/services/XXX",
+ },
+ },
+ SlackAppToken: "xoxb-token",
+ SlackAppURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "slack.com",
+ Path: "/api/chat.postMessage",
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "Test slack_app_token and slack_api_url with same URL is allowed",
+ againstVersion: versionSlackAppConfigAllowed,
+ in: &alertmanagerConfig{
+ Global: &globalConfig{
+ SlackAPIURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "slack.com",
+ Path: "/api/chat.postMessage",
+ },
+ },
+ SlackAppToken: "xoxb-token",
+ SlackAppURL: &config.URL{
+ URL: &url.URL{
+ Scheme: "https",
+ Host: "slack.com",
+ Path: "/api/chat.postMessage",
+ },
+ },
+ },
+ },
+ golden: "test_slack_app_token_and_slack_api_url_with_same_url_is_allowed.golden",
+ },
} {
t.Run(tc.name, func(t *testing.T) {
err := tc.in.sanitize(tc.againstVersion, logger)
@@ -5348,6 +5668,7 @@ func TestSanitizeWebhookConfig(t *testing.T) {
againstVersion semver.Version
in *alertmanagerConfig
golden string
+ expectErr bool
}{
{
name: "Test webhook_url_file is dropped in webhook config for unsupported versions",
@@ -5373,7 +5694,7 @@ func TestSanitizeWebhookConfig(t *testing.T) {
{
WebhookConfigs: []*webhookConfig{
{
- URL: "foo",
+ URL: "http://example.com/foo",
URLFile: "bar",
},
},
@@ -5414,14 +5735,50 @@ func TestSanitizeWebhookConfig(t *testing.T) {
},
golden: "test_webhook_timeout_is_added_in_webhook_config_for_supported_versions.golden",
},
- } {
- t.Run(tc.name, func(t *testing.T) {
- err := tc.in.sanitize(tc.againstVersion, logger)
- require.NoError(t, err)
-
- amConfigs, err := yaml.Marshal(tc.in)
- require.NoError(t, err)
-
+ {
+ name: "Test invalid url returns error",
+ againstVersion: semver.Version{Major: 0, Minor: 26},
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ WebhookConfigs: []*webhookConfig{
+ {
+ URL: "not-a-valid-url",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "Test valid url passes validation",
+ againstVersion: semver.Version{Major: 0, Minor: 26},
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ WebhookConfigs: []*webhookConfig{
+ {
+ URL: "http://example.com/webhook",
+ },
+ },
+ },
+ },
+ },
+ golden: "test_webhook_valid_url_passes.golden",
+ },
+ } {
+ t.Run(tc.name, func(t *testing.T) {
+ err := tc.in.sanitize(tc.againstVersion, logger)
+ if tc.expectErr {
+ require.Error(t, err)
+ return
+ }
+ require.NoError(t, err)
+
+ amConfigs, err := yaml.Marshal(tc.in)
+ require.NoError(t, err)
+
golden.Assert(t, string(amConfigs), tc.golden)
})
}
@@ -5435,6 +5792,7 @@ func TestSanitizePushoverConfig(t *testing.T) {
againstVersion semver.Version
in *alertmanagerConfig
golden string
+ expectErr bool
}{
{
name: "Test pushover_user_key_file is dropped in pushover config for unsupported versions",
@@ -5508,9 +5866,49 @@ func TestSanitizePushoverConfig(t *testing.T) {
},
golden: "test_token_takes_precedence_in_pushover_config.golden",
},
+ {
+ name: "Test invalid url returns error",
+ againstVersion: semver.Version{Major: 0, Minor: 26},
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ PushoverConfigs: []*pushoverConfig{
+ {
+ UserKey: "key",
+ Token: "token",
+ URL: "not-a-valid-url",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "Test valid url passes validation",
+ againstVersion: semver.Version{Major: 0, Minor: 26},
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ PushoverConfigs: []*pushoverConfig{
+ {
+ UserKey: "key",
+ Token: "token",
+ URL: "http://example.com",
+ },
+ },
+ },
+ },
+ },
+ golden: "test_pushover_valid_url_passes.golden",
+ },
} {
t.Run(tc.name, func(t *testing.T) {
err := tc.in.sanitize(tc.againstVersion, logger)
+ if tc.expectErr {
+ require.Error(t, err)
+ return
+ }
require.NoError(t, err)
amConfigs, err := yaml.Marshal(tc.in)
@@ -5645,6 +6043,9 @@ func TestSanitizeJiraConfig(t *testing.T) {
logger := newNopLogger(t)
versionJiraAllowed := semver.Version{Major: 0, Minor: 28}
versionJiraNotAllowed := semver.Version{Major: 0, Minor: 27}
+
+ versionAPITypeAllowed := semver.Version{Major: 0, Minor: 29}
+ versionAPITypeNotAllowed := semver.Version{Major: 0, Minor: 28}
for _, tc := range []struct {
name string
againstVersion semver.Version
@@ -5721,6 +6122,63 @@ func TestSanitizeJiraConfig(t *testing.T) {
},
golden: "jira_configs_with_send_resolved.golden",
},
+ {
+ name: "jira_configs with api_type",
+ againstVersion: versionAPITypeAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ JiraConfigs: []*jiraConfig{
+ {
+ APIURL: "http://issues.example.com",
+ Project: "Monitoring",
+ APIType: "datacenter",
+ IssueType: "Bug",
+ },
+ },
+ },
+ },
+ },
+ golden: "jira_config_with_api_type.golden",
+ },
+ {
+ name: "jira_configs with api_type version not supported",
+ againstVersion: versionAPITypeNotAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ JiraConfigs: []*jiraConfig{
+ {
+ APIURL: "http://issues.example.com",
+ Project: "Monitoring",
+ APIType: "datacenter",
+ IssueType: "Bug",
+ },
+ },
+ },
+ },
+ },
+ golden: "jira_config_with_api_type_version_not_supported.golden",
+ },
+ {
+ name: "jira_configs with invalid api_type",
+ againstVersion: versionAPITypeAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ JiraConfigs: []*jiraConfig{
+ {
+ APIURL: "http://issues.example.com",
+ Project: "Monitoring",
+ APIType: "onpremise",
+ IssueType: "Bug",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
} {
t.Run(tc.name, func(t *testing.T) {
err := tc.in.sanitize(tc.againstVersion, logger)
@@ -5990,6 +6448,198 @@ func TestSanitizeRocketChatConfig(t *testing.T) {
}
}
+func TestSanitizeIncidentioConfig(t *testing.T) {
+ logger := newNopLogger(t)
+ versionIncidentioAllowed := semver.Version{Major: 0, Minor: 29}
+ versionIncidentioNotAllowed := semver.Version{Major: 0, Minor: 28}
+ for _, tc := range []struct {
+ name string
+ againstVersion semver.Version
+ in *alertmanagerConfig
+ golden string
+ expectErr bool
+ }{
+ {
+ name: "incidentio_configs returns error for unsupported versions",
+ againstVersion: versionIncidentioNotAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "http://example.com",
+ AlertSourceToken: "token123",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "incidentio_configs allows for supported versions",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "http://example.com",
+ AlertSourceToken: "token123",
+ },
+ },
+ },
+ },
+ },
+ golden: "incidentio_configs_for_supported_versions.golden",
+ },
+ {
+ name: "incidentio_configs invalid url returns error",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "not-a-valid-url",
+ AlertSourceToken: "token123",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "incidentio_configs both url and url_file set",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "http://example.com",
+ URLFile: "/var/kubernetes/secrets/url",
+ AlertSourceToken: "token123",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "incidentio_configs both alert_source_token and alert_source_token_file set",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "http://example.com",
+ AlertSourceToken: "token123",
+ AlertSourceTokenFile: "/var/kubernetes/secrets/token",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "incidentio_configs missing url and url_file",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ AlertSourceToken: "token123",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "incidentio_configs missing authentication",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "http://example.com",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "incidentio_configs with http_config.authorization and alert_source_token",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "http://example.com",
+ AlertSourceToken: "token123",
+ HTTPConfig: &httpClientConfig{
+ Authorization: &authorization{
+ Type: "Bearer",
+ Credentials: "creds123",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "incidentio_configs with http_config.authorization only",
+ againstVersion: versionIncidentioAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ IncidentioConfigs: []*incidentioConfig{
+ {
+ URL: "http://example.com",
+ HTTPConfig: &httpClientConfig{
+ Authorization: &authorization{
+ Type: "Bearer",
+ Credentials: "creds123",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ golden: "incidentio_configs_with_http_authorization.golden",
+ },
+ } {
+ t.Run(tc.name, func(t *testing.T) {
+ err := tc.in.sanitize(tc.againstVersion, logger)
+ if tc.expectErr {
+ require.Error(t, err)
+ return
+ }
+
+ require.NoError(t, err)
+
+ amConfigs, err := yaml.Marshal(tc.in)
+ require.NoError(t, err)
+
+ golden.Assert(t, string(amConfigs), tc.golden)
+ })
+ }
+}
func TestSanitizeRoute(t *testing.T) {
logger := newNopLogger(t)
matcherV2SyntaxAllowed := semver.Version{Major: 0, Minor: 22}
@@ -6318,6 +6968,130 @@ func TestConvertHTTPConfig(t *testing.T) {
}
}
+func TestSanitizeTelegramConfig(t *testing.T) {
+ logger := newNopLogger(t)
+ versionTelegramExampleAllowed := semver.Version{Major: 0, Minor: 26}
+
+ for _, tc := range []struct {
+ name string
+ againstVersion semver.Version
+ in *alertmanagerConfig
+ golden string
+ expectErr bool
+ }{
+ {
+ name: "telegram invalid api_url returns error",
+ againstVersion: versionTelegramExampleAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ TelegramConfigs: []*telegramConfig{
+ {
+ APIUrl: "not-a-valid-url",
+ BotToken: "token",
+ ChatID: 12345,
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "telegram valid api_url passes validation",
+ againstVersion: versionTelegramExampleAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ TelegramConfigs: []*telegramConfig{
+ {
+ APIUrl: "http://example.com",
+ BotToken: "token",
+ ChatID: 12345,
+ },
+ },
+ },
+ },
+ },
+ golden: "telegram_valid_url_passes.golden",
+ },
+ } {
+ t.Run(tc.name, func(t *testing.T) {
+ err := tc.in.sanitize(tc.againstVersion, logger)
+ if tc.expectErr {
+ require.Error(t, err)
+ return
+ }
+ require.NoError(t, err)
+
+ amConfigs, err := yaml.Marshal(tc.in)
+ require.NoError(t, err)
+
+ golden.Assert(t, string(amConfigs), tc.golden)
+ })
+ }
+}
+
+func TestSanitizeMSTeamsConfig(t *testing.T) {
+ logger := newNopLogger(t)
+ versionMSTeamsExampleAllowed := semver.Version{Major: 0, Minor: 27}
+
+ for _, tc := range []struct {
+ name string
+ againstVersion semver.Version
+ in *alertmanagerConfig
+ golden string
+ expectErr bool
+ }{
+ {
+ name: "msteams invalid webhook_url returns error",
+ againstVersion: versionMSTeamsExampleAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ MSTeamsConfigs: []*msTeamsConfig{
+ {
+ WebhookURL: "not-a-valid-url",
+ },
+ },
+ },
+ },
+ },
+ expectErr: true,
+ },
+ {
+ name: "msteams valid webhook_url passes validation",
+ againstVersion: versionMSTeamsExampleAllowed,
+ in: &alertmanagerConfig{
+ Receivers: []*receiver{
+ {
+ MSTeamsConfigs: []*msTeamsConfig{
+ {
+ WebhookURL: "http://example.com/webhook",
+ },
+ },
+ },
+ },
+ },
+ golden: "msteams_valid_url_passes.golden",
+ },
+ } {
+ t.Run(tc.name, func(t *testing.T) {
+ err := tc.in.sanitize(tc.againstVersion, logger)
+ if tc.expectErr {
+ require.Error(t, err)
+ return
+ }
+ require.NoError(t, err)
+
+ amConfigs, err := yaml.Marshal(tc.in)
+ require.NoError(t, err)
+
+ golden.Assert(t, string(amConfigs), tc.golden)
+ })
+ }
+}
+
func newNopLogger(t *testing.T) *slog.Logger {
t.Helper()
return slog.New(slog.DiscardHandler)
diff --git a/pkg/alertmanager/operator.go b/pkg/alertmanager/operator.go
index 247df148ce7..65e3dba8f6c 100644
--- a/pkg/alertmanager/operator.go
+++ b/pkg/alertmanager/operator.go
@@ -39,6 +39,7 @@ import (
"k8s.io/client-go/metadata"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/cache"
+ "k8s.io/utils/ptr"
"github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/clustertlsconfig"
"github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation"
@@ -284,17 +285,7 @@ func (c *Operator) bootstrap(ctx context.Context, config operator.Config) error
c.kclient,
resyncPeriod,
func(options *metav1.ListOptions) {
- // TODO(simonpasquier): use a more restrictive label selector
- // selecting only Alertmanager statefulsets (e.g.
- // "app.kubernetes.io/name in (alertmanager)").
- //
- // We need to wait for a couple of releases after [1] merges to
- // ensure that the expected labels have been propagated to the
- // Alertmanager statefulsets otherwise the informer won't
- // select any object.
- //
- // [1] https://github.com/prometheus-operator/prometheus-operator/pull/7786
- options.LabelSelector = operator.ManagedByOperatorLabelSelector()
+ options.LabelSelector = labelSelectorForStatefulSets()
},
),
appsv1.SchemeGroupVersion.WithResource("statefulsets"),
@@ -692,28 +683,11 @@ func (c *Operator) sync(ctx context.Context, key string) error {
return nil
}
- err = k8sutil.UpdateStatefulSet(ctx, ssetClient, sset)
- sErr, ok := err.(*apierrors.StatusError)
-
- if ok && sErr.ErrStatus.Code == 422 && sErr.ErrStatus.Reason == metav1.StatusReasonInvalid {
+ if err = k8sutil.ForceUpdateStatefulSet(ctx, ssetClient, sset, func(reason string) {
c.metrics.StsDeleteCreateCounter().Inc()
-
- // Gather only reason for failed update
- failMsg := make([]string, len(sErr.ErrStatus.Details.Causes))
- for i, cause := range sErr.ErrStatus.Details.Causes {
- failMsg[i] = cause.Message
- }
-
- logger.Info("recreating Alertmanager StatefulSet because the update operation wasn't possible", "reason", strings.Join(failMsg, ", "))
- propagationPolicy := metav1.DeletePropagationForeground
- if err := ssetClient.Delete(ctx, sset.GetName(), metav1.DeleteOptions{PropagationPolicy: &propagationPolicy}); err != nil {
- return fmt.Errorf("failed to delete StatefulSet to avoid forbidden action: %w", err)
- }
- return nil
- }
-
- if err != nil {
- return fmt.Errorf("updating StatefulSet failed: %w", err)
+ logger.Info("recreating StatefulSet because the update operation wasn't possible", "reason", reason)
+ }); err != nil {
+ return err
}
return nil
@@ -791,6 +765,7 @@ func (c *Operator) UpdateStatus(ctx context.Context, key string) error {
return nil
}
+// makeSelectorLabels returns the default selector for the pods of the Alertmanager statefulset.
func makeSelectorLabels(name string) map[string]string {
return map[string]string{
operator.ApplicationNameLabelKey: applicationNameLabelValue,
@@ -800,6 +775,16 @@ func makeSelectorLabels(name string) map[string]string {
}
}
+// labelSelectorForStatefulSets returns a label selector which selects
+// all Alertmanager statefulsets.
+func labelSelectorForStatefulSets() string {
+ return fmt.Sprintf(
+ "%s in (%s),%s in (%s)",
+ operator.ManagedByLabelKey, operator.ManagedByLabelValue,
+ operator.ApplicationNameLabelKey, applicationNameLabelValue,
+ )
+}
+
func createSSetInputHash(a monitoringv1.Alertmanager, c Config, tlsAssets *operator.ShardedSecret, s appsv1.StatefulSetSpec) (string, error) {
var http2 *bool
if a.Spec.Web != nil && a.Spec.Web.HTTPConfig != nil {
@@ -1278,13 +1263,6 @@ func checkPagerDutyConfigs(
}
}
- if config.URL != "" {
- if _, err := validation.ValidateURL(strings.TrimSpace(config.URL)); err != nil {
- return fmt.Errorf("failed to validate URL: %w ", err)
- }
-
- }
-
if err := configureHTTPConfigInStore(ctx, config.HTTPConfig, namespace, store); err != nil {
return err
}
@@ -1606,14 +1584,14 @@ func checkPushoverConfigs(
return errors.New("html and monospace options are mutually exclusive")
}
- if config.Expire != "" {
- if _, err := model.ParseDuration(config.Expire); err != nil {
+ if ptr.Deref(config.Expire, "") != "" {
+ if _, err := model.ParseDuration(*config.Expire); err != nil {
return err
}
}
- if config.Retry != "" {
- if _, err := model.ParseDuration(config.Retry); err != nil {
+ if ptr.Deref(config.Retry, "") != "" {
+ if _, err := model.ParseDuration(*config.Retry); err != nil {
return err
}
}
diff --git a/pkg/alertmanager/operator_test.go b/pkg/alertmanager/operator_test.go
index 5cecdaa7824..ecd00ef3953 100644
--- a/pkg/alertmanager/operator_test.go
+++ b/pkg/alertmanager/operator_test.go
@@ -470,7 +470,7 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
Name: "recv1",
WebhookConfigs: []monitoringv1alpha1.WebhookConfig{
{
- URL: ptr.To("http://test.local"),
+ URL: ptr.To(monitoringv1alpha1.URL("http://test.local")),
},
},
}},
@@ -565,7 +565,7 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
WeChatConfigs: []monitoringv1alpha1.WeChatConfig{
{
CorpID: "testingCorpID",
- APIURL: "http://::invalid-url",
+ APIURL: ptr.To(monitoringv1alpha1.URL("http://::invalid-url")),
},
},
}},
@@ -743,7 +743,7 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- URL: "http://localhost",
+ URL: ptr.To(monitoringv1alpha1.URL("http://localhost")),
},
},
},
@@ -771,7 +771,7 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
},
},
},
@@ -799,7 +799,7 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
ConfirmField: &monitoringv1alpha1.SlackConfirmationField{
Text: "",
},
@@ -830,7 +830,7 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
ConfirmField: &monitoringv1alpha1.SlackConfirmationField{
Text: "text",
},
@@ -940,7 +940,7 @@ func TestCheckAlertmanagerConfig(t *testing.T) {
{
Type: "type",
Text: "text",
- Name: "my-action",
+ Name: ptr.To("my-action"),
ConfirmField: &monitoringv1alpha1.SlackConfirmationField{
Text: "text",
},
diff --git a/pkg/alertmanager/statefulset.go b/pkg/alertmanager/statefulset.go
index 07b34cb9434..51b2ed904c6 100644
--- a/pkg/alertmanager/statefulset.go
+++ b/pkg/alertmanager/statefulset.go
@@ -303,6 +303,16 @@ func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, conf
}
+ if version.GTE(semver.MustParse("0.30.0")) && a.Spec.MinReadySeconds != nil {
+ startDelayArg := monitoringv1.Argument{
+ Name: "dispatch.start-delay",
+ Value: fmt.Sprintf("%ds", *a.Spec.MinReadySeconds),
+ }
+ if i := operator.ArgumentsIntersection([]monitoringv1.Argument{startDelayArg}, a.Spec.AdditionalArgs); len(i) == 0 {
+ amArgs = append(amArgs, startDelayArg)
+ }
+ }
+
if a.Spec.LogLevel != "" && a.Spec.LogLevel != "info" {
amArgs = append(amArgs, monitoringv1.Argument{Name: "log.level", Value: a.Spec.LogLevel})
}
@@ -767,16 +777,18 @@ func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, conf
return nil, fmt.Errorf("failed to merge init containers spec: %w", err)
}
+ // By default, podManagementPolicy is set to Parallel to mitigate rollout
+ // issues in Kubernetes (see https://github.com/kubernetes/kubernetes/issues/60164).
+ // This is also mentioned as one of limitations of StatefulSets:
+ // https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
+ podManagementPolicy := ptr.Deref(a.Spec.PodManagementPolicy, monitoringv1.ParallelPodManagement)
+
spec := appsv1.StatefulSetSpec{
- ServiceName: getServiceName(a),
- Replicas: a.Spec.Replicas,
- MinReadySeconds: ptr.Deref(a.Spec.MinReadySeconds, 0),
- // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
- // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
- PodManagementPolicy: appsv1.ParallelPodManagement,
- UpdateStrategy: appsv1.StatefulSetUpdateStrategy{
- Type: appsv1.RollingUpdateStatefulSetStrategyType,
- },
+ ServiceName: getServiceName(a),
+ Replicas: a.Spec.Replicas,
+ MinReadySeconds: ptr.Deref(a.Spec.MinReadySeconds, 0),
+ PodManagementPolicy: appsv1.PodManagementPolicyType(podManagementPolicy),
+ UpdateStrategy: operator.UpdateStrategyForStatefulSet(a.Spec.UpdateStrategy),
Selector: &metav1.LabelSelector{
MatchLabels: finalSelectorLabels,
},
diff --git a/pkg/alertmanager/statefulset_test.go b/pkg/alertmanager/statefulset_test.go
index e4d8daf97ee..97b498c983e 100644
--- a/pkg/alertmanager/statefulset_test.go
+++ b/pkg/alertmanager/statefulset_test.go
@@ -1525,3 +1525,147 @@ func TestStatefulSetEnableServiceLinks(t *testing.T) {
}
}
}
+
+func TestStatefulSetPodManagementPolicy(t *testing.T) {
+ for _, tc := range []struct {
+ podManagementPolicy *monitoringv1.PodManagementPolicyType
+ exp appsv1.PodManagementPolicyType
+ }{
+ {
+ podManagementPolicy: nil,
+ exp: appsv1.ParallelPodManagement,
+ },
+ {
+ podManagementPolicy: ptr.To(monitoringv1.ParallelPodManagement),
+ exp: appsv1.ParallelPodManagement,
+ },
+ {
+ podManagementPolicy: ptr.To(monitoringv1.OrderedReadyPodManagement),
+ exp: appsv1.OrderedReadyPodManagement,
+ },
+ } {
+ t.Run("", func(t *testing.T) {
+ sset, err := makeStatefulSet(nil, &monitoringv1.Alertmanager{
+ Spec: monitoringv1.AlertmanagerSpec{
+ PodManagementPolicy: tc.podManagementPolicy,
+ },
+ }, defaultTestConfig, "", &operator.ShardedSecret{})
+
+ require.NoError(t, err)
+ require.Equal(t, tc.exp, sset.Spec.PodManagementPolicy)
+ })
+ }
+}
+
+func TestStatefulSetUpdateStrategy(t *testing.T) {
+ for _, tc := range []struct {
+ updateStrategy *monitoringv1.StatefulSetUpdateStrategy
+ exp appsv1.StatefulSetUpdateStrategy
+ }{
+ {
+ updateStrategy: nil,
+ exp: appsv1.StatefulSetUpdateStrategy{
+ Type: appsv1.RollingUpdateStatefulSetStrategyType,
+ },
+ },
+ {
+ updateStrategy: &monitoringv1.StatefulSetUpdateStrategy{
+ Type: monitoringv1.RollingUpdateStatefulSetStrategyType,
+ },
+ exp: appsv1.StatefulSetUpdateStrategy{
+ Type: appsv1.RollingUpdateStatefulSetStrategyType,
+ },
+ },
+ {
+ updateStrategy: &monitoringv1.StatefulSetUpdateStrategy{
+ Type: monitoringv1.RollingUpdateStatefulSetStrategyType,
+ RollingUpdate: &monitoringv1.RollingUpdateStatefulSetStrategy{
+ MaxUnavailable: ptr.To(intstr.FromInt(1)),
+ },
+ },
+ exp: appsv1.StatefulSetUpdateStrategy{
+ Type: appsv1.RollingUpdateStatefulSetStrategyType,
+ RollingUpdate: &appsv1.RollingUpdateStatefulSetStrategy{
+ MaxUnavailable: ptr.To(intstr.FromInt(1)),
+ },
+ },
+ },
+ {
+ updateStrategy: &monitoringv1.StatefulSetUpdateStrategy{
+ Type: monitoringv1.OnDeleteStatefulSetStrategyType,
+ },
+ exp: appsv1.StatefulSetUpdateStrategy{
+ Type: appsv1.OnDeleteStatefulSetStrategyType,
+ },
+ },
+ } {
+ t.Run("", func(t *testing.T) {
+ sset, err := makeStatefulSet(nil, &monitoringv1.Alertmanager{
+ Spec: monitoringv1.AlertmanagerSpec{
+ UpdateStrategy: tc.updateStrategy,
+ },
+ }, defaultTestConfig, "", &operator.ShardedSecret{})
+
+ require.NoError(t, err)
+ require.Equal(t, tc.exp, sset.Spec.UpdateStrategy)
+ })
+ }
+}
+
+func TestMakeStatefulSetSpecDispatchStartDelay(t *testing.T) {
+ for _, tc := range []struct {
+ version string
+ minReadySeconds *int32
+ additionalArgs []monitoringv1.Argument
+
+ expContains string
+ expNotContains string
+ }{
+ {
+ version: "v0.30.0",
+ expNotContains: "dispatch.start-delay",
+ },
+ {
+ version: "v0.30.0",
+ additionalArgs: []monitoringv1.Argument{{Name: "dispatch.start-delay", Value: "1m"}},
+ expContains: "--dispatch.start-delay=1m",
+ },
+ {
+ version: "v0.29.0",
+ minReadySeconds: ptr.To(int32(60)),
+ expNotContains: "dispatch.start-delay",
+ },
+ {
+ version: "v0.30.0",
+ minReadySeconds: ptr.To(int32(60)),
+ expContains: "--dispatch.start-delay=60s",
+ },
+ {
+ version: "v0.30.0",
+ minReadySeconds: ptr.To(int32(60)),
+ additionalArgs: []monitoringv1.Argument{{Name: "dispatch.start-delay", Value: "10s"}},
+ expContains: "--dispatch.start-delay=10s",
+ },
+ } {
+ t.Run("", func(t *testing.T) {
+ a := monitoringv1.Alertmanager{
+ Spec: monitoringv1.AlertmanagerSpec{
+ Replicas: ptr.To(int32(1)),
+ Version: tc.version,
+ MinReadySeconds: tc.minReadySeconds,
+ AdditionalArgs: tc.additionalArgs,
+ },
+ }
+
+ statefulSet, err := makeStatefulSetSpec(nil, &a, defaultTestConfig, &operator.ShardedSecret{})
+ require.NoError(t, err)
+
+ if tc.expContains != "" {
+ require.Contains(t, statefulSet.Template.Spec.Containers[0].Args, tc.expContains)
+ }
+ if tc.expNotContains != "" {
+ require.NotContains(t, statefulSet.Template.Spec.Containers[0].Args, tc.expNotContains)
+ }
+ })
+ }
+}
diff --git a/pkg/alertmanager/testdata/CR_with_Mattermost_Reeceiver_Bare_Minimum.golden b/pkg/alertmanager/testdata/CR_with_Mattermost_Reeceiver_Bare_Minimum.golden
new file mode 100644
index 00000000000..339b9833ddd
--- /dev/null
+++ b/pkg/alertmanager/testdata/CR_with_Mattermost_Reeceiver_Bare_Minimum.golden
@@ -0,0 +1,14 @@
+route:
+ receiver: "null"
+ routes:
+ - receiver: mynamespace/myamc/test
+ matchers:
+ - namespace="mynamespace"
+ continue: true
+receivers:
+- name: "null"
+- name: mynamespace/myamc/test
+ mattermost_configs:
+ - webhook_url: https://mattermost.example.com
+ text: test text
+templates: []
diff --git a/pkg/alertmanager/testdata/CR_with_Opsgenie_Receiver_Valid_APIURL.golden b/pkg/alertmanager/testdata/CR_with_Opsgenie_Receiver_Valid_APIURL.golden
new file mode 100644
index 00000000000..2ae484ce774
--- /dev/null
+++ b/pkg/alertmanager/testdata/CR_with_Opsgenie_Receiver_Valid_APIURL.golden
@@ -0,0 +1,14 @@
+route:
+ receiver: "null"
+ routes:
+ - receiver: mynamespace/myamc/test
+ matchers:
+ - namespace="mynamespace"
+ continue: true
+receivers:
+- name: "null"
+- name: mynamespace/myamc/test
+ opsgenie_configs:
+ - api_key: 1234abc
+ api_url: https://example.com/
+templates: []
diff --git a/pkg/alertmanager/testdata/incidentio_configs_for_supported_versions.golden b/pkg/alertmanager/testdata/incidentio_configs_for_supported_versions.golden
new file mode 100644
index 00000000000..a2d4092c7aa
--- /dev/null
+++ b/pkg/alertmanager/testdata/incidentio_configs_for_supported_versions.golden
@@ -0,0 +1,6 @@
+receivers:
+- name: ""
+ incidentio_configs:
+ - url: http://example.com
+ alert_source_token: token123
+templates: []
diff --git a/pkg/alertmanager/testdata/incidentio_configs_with_http_authorization.golden b/pkg/alertmanager/testdata/incidentio_configs_with_http_authorization.golden
new file mode 100644
index 00000000000..63b0cf0e021
--- /dev/null
+++ b/pkg/alertmanager/testdata/incidentio_configs_with_http_authorization.golden
@@ -0,0 +1,9 @@
+receivers:
+- name: ""
+ incidentio_configs:
+ - http_config:
+ authorization:
+ type: Bearer
+ credentials: creds123
+ url: http://example.com
+templates: []
diff --git a/pkg/alertmanager/testdata/jira_config_with_api_type.golden b/pkg/alertmanager/testdata/jira_config_with_api_type.golden
new file mode 100644
index 00000000000..d015b86d58f
--- /dev/null
+++ b/pkg/alertmanager/testdata/jira_config_with_api_type.golden
@@ -0,0 +1,8 @@
+receivers:
+- name: ""
+ jira_configs:
+ - api_url: http://issues.example.com
+ project: Monitoring
+ issue_type: Bug
+ api_type: datacenter
+templates: []
diff --git a/pkg/alertmanager/testdata/jira_config_with_api_type_version_not_supported.golden b/pkg/alertmanager/testdata/jira_config_with_api_type_version_not_supported.golden
new file mode 100644
index 00000000000..635652cc73b
--- /dev/null
+++ b/pkg/alertmanager/testdata/jira_config_with_api_type_version_not_supported.golden
@@ -0,0 +1,7 @@
+receivers:
+- name: ""
+ jira_configs:
+ - api_url: http://issues.example.com
+ project: Monitoring
+ issue_type: Bug
+templates: []
diff --git a/pkg/alertmanager/testdata/msteams_valid_url_passes.golden b/pkg/alertmanager/testdata/msteams_valid_url_passes.golden
new file mode 100644
index 00000000000..417954f37a0
--- /dev/null
+++ b/pkg/alertmanager/testdata/msteams_valid_url_passes.golden
@@ -0,0 +1,5 @@
+receivers:
+- name: ""
+ msteams_configs:
+ - webhook_url: http://example.com/webhook
+templates: []
diff --git a/pkg/alertmanager/testdata/telegram_valid_url_passes.golden b/pkg/alertmanager/testdata/telegram_valid_url_passes.golden
new file mode 100644
index 00000000000..f046dee0676
--- /dev/null
+++ b/pkg/alertmanager/testdata/telegram_valid_url_passes.golden
@@ -0,0 +1,7 @@
+receivers:
+- name: ""
+ telegram_configs:
+ - api_url: http://example.com
+ bot_token: token
+ chat_id: 12345
+templates: []
diff --git a/pkg/alertmanager/testdata/test_config_version_mattermost_allowed.golden b/pkg/alertmanager/testdata/test_config_version_mattermost_allowed.golden
new file mode 100644
index 00000000000..4e4f640f618
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_config_version_mattermost_allowed.golden
@@ -0,0 +1,6 @@
+receivers:
+- name: ""
+ mattermost_configs:
+ - webhook_url: www.test.com
+ text: test text
+templates: []
diff --git a/pkg/alertmanager/testdata/test_pagerduty_timeout_is_added_in_pagerduty_config_for_supported_versions.golden b/pkg/alertmanager/testdata/test_pagerduty_timeout_is_added_in_pagerduty_config_for_supported_versions.golden
new file mode 100644
index 00000000000..c008410a546
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_pagerduty_timeout_is_added_in_pagerduty_config_for_supported_versions.golden
@@ -0,0 +1,5 @@
+receivers:
+- name: ""
+ pagerduty_configs:
+ - timeout: 1m
+templates: []
diff --git a/pkg/alertmanager/testdata/test_pagerduty_timeout_is_dropped_in_pagerduty_config_for_unsupported_versions.golden b/pkg/alertmanager/testdata/test_pagerduty_timeout_is_dropped_in_pagerduty_config_for_unsupported_versions.golden
new file mode 100644
index 00000000000..448ec7eb969
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_pagerduty_timeout_is_dropped_in_pagerduty_config_for_unsupported_versions.golden
@@ -0,0 +1,5 @@
+receivers:
+- name: ""
+ pagerduty_configs:
+ - {}
+templates: []
diff --git a/pkg/alertmanager/testdata/test_pushover_valid_url_passes.golden b/pkg/alertmanager/testdata/test_pushover_valid_url_passes.golden
new file mode 100644
index 00000000000..24131a416c4
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_pushover_valid_url_passes.golden
@@ -0,0 +1,7 @@
+receivers:
+- name: ""
+ pushover_configs:
+ - user_key: key
+ token: token
+ url: http://example.com
+templates: []
diff --git a/pkg/alertmanager/testdata/test_slack_app_token_and_slack_api_url_with_same_url_is_allowed.golden b/pkg/alertmanager/testdata/test_slack_app_token_and_slack_api_url_with_same_url_is_allowed.golden
new file mode 100644
index 00000000000..b3b3c23d9d9
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_slack_app_token_and_slack_api_url_with_same_url_is_allowed.golden
@@ -0,0 +1,5 @@
+global:
+ slack_api_url: https://slack.com/api/chat.postMessage
+ slack_app_token: xoxb-token
+ slack_app_url: https://slack.com/api/chat.postMessage
+templates: []
diff --git a/pkg/alertmanager/testdata/test_slack_app_token_and_slack_app_url_preserved_for_supported_versions.golden b/pkg/alertmanager/testdata/test_slack_app_token_and_slack_app_url_preserved_for_supported_versions.golden
new file mode 100644
index 00000000000..e3287c8364a
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_slack_app_token_and_slack_app_url_preserved_for_supported_versions.golden
@@ -0,0 +1,4 @@
+global:
+ slack_app_token: xoxb-token
+ slack_app_url: https://slack.com/api/chat.postMessage
+templates: []
diff --git a/pkg/alertmanager/testdata/test_slack_app_token_is_dropped_for_unsupported_versions.golden b/pkg/alertmanager/testdata/test_slack_app_token_is_dropped_for_unsupported_versions.golden
new file mode 100644
index 00000000000..3ee534b4b8c
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_slack_app_token_is_dropped_for_unsupported_versions.golden
@@ -0,0 +1,2 @@
+global: {}
+templates: []
diff --git a/pkg/alertmanager/testdata/test_slack_app_token_takes_precedence_over_slack_app_token_file.golden b/pkg/alertmanager/testdata/test_slack_app_token_takes_precedence_over_slack_app_token_file.golden
new file mode 100644
index 00000000000..e3287c8364a
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_slack_app_token_takes_precedence_over_slack_app_token_file.golden
@@ -0,0 +1,4 @@
+global:
+ slack_app_token: xoxb-token
+ slack_app_url: https://slack.com/api/chat.postMessage
+templates: []
diff --git a/pkg/alertmanager/testdata/test_slack_app_url_is_dropped_for_unsupported_versions.golden b/pkg/alertmanager/testdata/test_slack_app_url_is_dropped_for_unsupported_versions.golden
new file mode 100644
index 00000000000..3ee534b4b8c
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_slack_app_url_is_dropped_for_unsupported_versions.golden
@@ -0,0 +1,2 @@
+global: {}
+templates: []
diff --git a/pkg/alertmanager/testdata/test_slack_timeout_is_added_in_slack_config_for_supported_versions.golden b/pkg/alertmanager/testdata/test_slack_timeout_is_added_in_slack_config_for_supported_versions.golden
new file mode 100644
index 00000000000..679a39be898
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_slack_timeout_is_added_in_slack_config_for_supported_versions.golden
@@ -0,0 +1,5 @@
+receivers:
+- name: ""
+ slack_configs:
+ - timeout: 1m
+templates: []
diff --git a/pkg/alertmanager/testdata/test_slack_timeout_is_dropped_in_slack_config_for_unsupported_versions.golden b/pkg/alertmanager/testdata/test_slack_timeout_is_dropped_in_slack_config_for_unsupported_versions.golden
new file mode 100644
index 00000000000..dff50ed53aa
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_slack_timeout_is_dropped_in_slack_config_for_unsupported_versions.golden
@@ -0,0 +1,5 @@
+receivers:
+- name: ""
+ slack_configs:
+ - {}
+templates: []
diff --git a/pkg/alertmanager/testdata/test_url_takes_precedence_in_webhook_config.golden b/pkg/alertmanager/testdata/test_url_takes_precedence_in_webhook_config.golden
index 0e49c47783e..1649b1dc8a8 100644
--- a/pkg/alertmanager/testdata/test_url_takes_precedence_in_webhook_config.golden
+++ b/pkg/alertmanager/testdata/test_url_takes_precedence_in_webhook_config.golden
@@ -1,5 +1,5 @@
receivers:
- name: ""
webhook_configs:
- - url: foo
+ - url: http://example.com/foo
templates: []
diff --git a/pkg/alertmanager/testdata/test_webhook_url_takes_precedence_in_mattermost_config.golden b/pkg/alertmanager/testdata/test_webhook_url_takes_precedence_in_mattermost_config.golden
new file mode 100644
index 00000000000..4e4f640f618
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_webhook_url_takes_precedence_in_mattermost_config.golden
@@ -0,0 +1,6 @@
+receivers:
+- name: ""
+ mattermost_configs:
+ - webhook_url: www.test.com
+ text: test text
+templates: []
diff --git a/pkg/alertmanager/testdata/test_webhook_valid_url_passes.golden b/pkg/alertmanager/testdata/test_webhook_valid_url_passes.golden
new file mode 100644
index 00000000000..61fad045168
--- /dev/null
+++ b/pkg/alertmanager/testdata/test_webhook_valid_url_passes.golden
@@ -0,0 +1,5 @@
+receivers:
+- name: ""
+ webhook_configs:
+ - url: http://example.com/webhook
+templates: []
diff --git a/pkg/alertmanager/types.go b/pkg/alertmanager/types.go
index ea425cd1eac..b245a87f054 100644
--- a/pkg/alertmanager/types.go
+++ b/pkg/alertmanager/types.go
@@ -26,188 +26,198 @@ import (
// marshalling. See the following issue for details:
// https://github.com/prometheus/alertmanager/issues/1985
type alertmanagerConfig struct {
- Global *globalConfig `yaml:"global,omitempty" json:"global,omitempty"`
- Route *route `yaml:"route,omitempty" json:"route,omitempty"`
- InhibitRules []*inhibitRule `yaml:"inhibit_rules,omitempty" json:"inhibit_rules,omitempty"`
- Receivers []*receiver `yaml:"receivers,omitempty" json:"receivers,omitempty"`
- MuteTimeIntervals []*timeInterval `yaml:"mute_time_intervals,omitempty" json:"mute_time_intervals,omitempty"`
- TimeIntervals []*timeInterval `yaml:"time_intervals,omitempty" json:"time_intervals,omitempty"`
- Templates []string `yaml:"templates" json:"templates"`
+ Global *globalConfig `yaml:"global,omitempty"`
+ Route *route `yaml:"route,omitempty"`
+ InhibitRules []*inhibitRule `yaml:"inhibit_rules,omitempty"`
+ Receivers []*receiver `yaml:"receivers,omitempty"`
+ MuteTimeIntervals []*timeInterval `yaml:"mute_time_intervals,omitempty"`
+ TimeIntervals []*timeInterval `yaml:"time_intervals,omitempty"`
+ Templates []string `yaml:"templates"`
}
type globalConfig struct {
// ResolveTimeout is the time after which an alert is declared resolved
// if it has not been updated.
- ResolveTimeout *model.Duration `yaml:"resolve_timeout,omitempty" json:"resolve_timeout,omitempty"`
-
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
-
- SMTPFrom string `yaml:"smtp_from,omitempty" json:"smtp_from,omitempty"`
- SMTPHello string `yaml:"smtp_hello,omitempty" json:"smtp_hello,omitempty"`
- SMTPSmarthost config.HostPort `yaml:"smtp_smarthost,omitempty" json:"smtp_smarthost,omitempty"`
- SMTPAuthUsername string `yaml:"smtp_auth_username,omitempty" json:"smtp_auth_username,omitempty"`
- SMTPAuthPassword string `yaml:"smtp_auth_password,omitempty" json:"smtp_auth_password,omitempty"`
- SMTPAuthPasswordFile string `yaml:"smtp_auth_password_file,omitempty" json:"smtp_auth_password_file,omitempty"`
- SMTPAuthSecret string `yaml:"smtp_auth_secret,omitempty" json:"smtp_auth_secret,omitempty"`
- SMTPAuthIdentity string `yaml:"smtp_auth_identity,omitempty" json:"smtp_auth_identity,omitempty"`
- SMTPRequireTLS *bool `yaml:"smtp_require_tls,omitempty" json:"smtp_require_tls,omitempty"`
- SMTPTLSConfig *tlsConfig `yaml:"smtp_tls_config,omitempty" json:"smtp_tls_config,omitempty"`
- SlackAPIURL *config.URL `yaml:"slack_api_url,omitempty" json:"slack_api_url,omitempty"`
- SlackAPIURLFile string `yaml:"slack_api_url_file,omitempty" json:"slack_api_url_file,omitempty"`
- PagerdutyURL *config.URL `yaml:"pagerduty_url,omitempty" json:"pagerduty_url,omitempty"`
- HipchatAPIURL *config.URL `yaml:"hipchat_api_url,omitempty" json:"hipchat_api_url,omitempty"`
- HipchatAuthToken string `yaml:"hipchat_auth_token,omitempty" json:"hipchat_auth_token,omitempty"`
- OpsGenieAPIURL *config.URL `yaml:"opsgenie_api_url,omitempty" json:"opsgenie_api_url,omitempty"`
- OpsGenieAPIKey string `yaml:"opsgenie_api_key,omitempty" json:"opsgenie_api_key,omitempty"`
- OpsGenieAPIKeyFile string `yaml:"opsgenie_api_key_file,omitempty" json:"opsgenie_api_key_file,omitempty"`
- WeChatAPIURL *config.URL `yaml:"wechat_api_url,omitempty" json:"wechat_api_url,omitempty"`
- WeChatAPISecret string `yaml:"wechat_api_secret,omitempty" json:"wechat_api_secret,omitempty"`
- WeChatAPICorpID string `yaml:"wechat_api_corp_id,omitempty" json:"wechat_api_corp_id,omitempty"`
- VictorOpsAPIURL *config.URL `yaml:"victorops_api_url,omitempty" json:"victorops_api_url,omitempty"`
- VictorOpsAPIKey string `yaml:"victorops_api_key,omitempty" json:"victorops_api_key,omitempty"`
- VictorOpsAPIKeyFile string `yaml:"victorops_api_key_file,omitempty" json:"victorops_api_key_file,omitempty"`
- TelegramAPIURL *config.URL `yaml:"telegram_api_url,omitempty" json:"telegram_api_url,omitempty"`
- WebexAPIURL *config.URL `yaml:"webex_api_url,omitempty" json:"webex_api_url,omitempty"`
- JiraAPIURL *config.URL `yaml:"jira_api_url,omitempty" json:"jira_api_url,omitempty"`
- RocketChatAPIURL *config.URL `yaml:"rocketchat_api_url,omitempty" json:"rocketchat_api_url,omitempty"`
- RocketChatToken string `yaml:"rocketchat_token,omitempty" json:"rocketchat_token,omitempty"`
- RocketChatTokenFile string `yaml:"rocketchat_token_file,omitempty" json:"rocketchat_token_file,omitempty"`
- RocketChatTokenID string `yaml:"rocketchat_token_id,omitempty" json:"rocketchat_token_id,omitempty"`
- RocketChatTokenIDFile string `yaml:"rocketchat_token_id_file,omitempty" json:"rocketchat_token_id_file,omitempty"`
+ ResolveTimeout *model.Duration `yaml:"resolve_timeout,omitempty"`
+
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+
+ SMTPFrom string `yaml:"smtp_from,omitempty"`
+ SMTPHello string `yaml:"smtp_hello,omitempty"`
+ SMTPSmarthost config.HostPort `yaml:"smtp_smarthost,omitempty"`
+ SMTPAuthUsername string `yaml:"smtp_auth_username,omitempty"`
+ SMTPAuthPassword string `yaml:"smtp_auth_password,omitempty"`
+ SMTPAuthPasswordFile string `yaml:"smtp_auth_password_file,omitempty"`
+ SMTPAuthSecret string `yaml:"smtp_auth_secret,omitempty"`
+ SMTPAuthIdentity string `yaml:"smtp_auth_identity,omitempty"`
+ SMTPRequireTLS *bool `yaml:"smtp_require_tls,omitempty"`
+ SMTPTLSConfig *tlsConfig `yaml:"smtp_tls_config,omitempty"`
+ SlackAPIURL *config.URL `yaml:"slack_api_url,omitempty"`
+ SlackAPIURLFile string `yaml:"slack_api_url_file,omitempty"`
+ PagerdutyURL *config.URL `yaml:"pagerduty_url,omitempty"`
+ HipchatAPIURL *config.URL `yaml:"hipchat_api_url,omitempty"`
+ HipchatAuthToken string `yaml:"hipchat_auth_token,omitempty"`
+ OpsGenieAPIURL *config.URL `yaml:"opsgenie_api_url,omitempty"`
+ OpsGenieAPIKey string `yaml:"opsgenie_api_key,omitempty"`
+ OpsGenieAPIKeyFile string `yaml:"opsgenie_api_key_file,omitempty"`
+ WeChatAPIURL *config.URL `yaml:"wechat_api_url,omitempty"`
+ WeChatAPISecret string `yaml:"wechat_api_secret,omitempty"`
+ WeChatAPICorpID string `yaml:"wechat_api_corp_id,omitempty"`
+ VictorOpsAPIURL *config.URL `yaml:"victorops_api_url,omitempty"`
+ VictorOpsAPIKey string `yaml:"victorops_api_key,omitempty"`
+ VictorOpsAPIKeyFile string `yaml:"victorops_api_key_file,omitempty"`
+ TelegramAPIURL *config.URL `yaml:"telegram_api_url,omitempty"`
+ WebexAPIURL *config.URL `yaml:"webex_api_url,omitempty"`
+ JiraAPIURL *config.URL `yaml:"jira_api_url,omitempty"`
+ RocketChatAPIURL *config.URL `yaml:"rocketchat_api_url,omitempty"`
+ RocketChatToken string `yaml:"rocketchat_token,omitempty"`
+ RocketChatTokenFile string `yaml:"rocketchat_token_file,omitempty"`
+ RocketChatTokenID string `yaml:"rocketchat_token_id,omitempty"`
+ RocketChatTokenIDFile string `yaml:"rocketchat_token_id_file,omitempty"`
+ SlackAppToken string `yaml:"slack_app_token,omitempty"`
+ SlackAppTokenFile string `yaml:"slack_app_token_file,omitempty"`
+ SlackAppURL *config.URL `yaml:"slack_app_url,omitempty"`
}
type route struct {
- Receiver string `yaml:"receiver,omitempty" json:"receiver,omitempty"`
- GroupByStr []string `yaml:"group_by,omitempty" json:"group_by,omitempty"`
- Match map[string]string `yaml:"match,omitempty" json:"match,omitempty"`
- MatchRE map[string]string `yaml:"match_re,omitempty" json:"match_re,omitempty"`
- Matchers []string `yaml:"matchers,omitempty" json:"matchers,omitempty"`
- Continue bool `yaml:"continue,omitempty" json:"continue,omitempty"`
- Routes []*route `yaml:"routes,omitempty" json:"routes,omitempty"`
- GroupWait string `yaml:"group_wait,omitempty" json:"group_wait,omitempty"`
- GroupInterval string `yaml:"group_interval,omitempty" json:"group_interval,omitempty"`
- RepeatInterval string `yaml:"repeat_interval,omitempty" json:"repeat_interval,omitempty"`
- MuteTimeIntervals []string `yaml:"mute_time_intervals,omitempty" json:"mute_time_intervals,omitempty"`
- ActiveTimeIntervals []string `yaml:"active_time_intervals,omitempty" json:"active_time_intervals,omitempty"`
+ Receiver string `yaml:"receiver,omitempty"`
+ GroupByStr []string `yaml:"group_by,omitempty"`
+ Match map[string]string `yaml:"match,omitempty"`
+ MatchRE map[string]string `yaml:"match_re,omitempty"`
+ Matchers []string `yaml:"matchers,omitempty"`
+ Continue bool `yaml:"continue,omitempty"`
+ Routes []*route `yaml:"routes,omitempty"`
+ GroupWait string `yaml:"group_wait,omitempty"`
+ GroupInterval string `yaml:"group_interval,omitempty"`
+ RepeatInterval string `yaml:"repeat_interval,omitempty"`
+ MuteTimeIntervals []string `yaml:"mute_time_intervals,omitempty"`
+ ActiveTimeIntervals []string `yaml:"active_time_intervals,omitempty"`
}
type inhibitRule struct {
- TargetMatch map[string]string `yaml:"target_match,omitempty" json:"target_match,omitempty"`
- TargetMatchRE map[string]string `yaml:"target_match_re,omitempty" json:"target_match_re,omitempty"`
- TargetMatchers []string `yaml:"target_matchers,omitempty" json:"target_matchers,omitempty"`
- SourceMatch map[string]string `yaml:"source_match,omitempty" json:"source_match,omitempty"`
- SourceMatchRE map[string]string `yaml:"source_match_re,omitempty" json:"source_match_re,omitempty"`
- SourceMatchers []string `yaml:"source_matchers,omitempty" json:"source_matchers,omitempty"`
- Equal []string `yaml:"equal,omitempty" json:"equal,omitempty"`
+ TargetMatch map[string]string `yaml:"target_match,omitempty"`
+ TargetMatchRE map[string]string `yaml:"target_match_re,omitempty"`
+ TargetMatchers []string `yaml:"target_matchers,omitempty"`
+ SourceMatch map[string]string `yaml:"source_match,omitempty"`
+ SourceMatchRE map[string]string `yaml:"source_match_re,omitempty"`
+ SourceMatchers []string `yaml:"source_matchers,omitempty"`
+ Equal []string `yaml:"equal,omitempty"`
}
type receiver struct {
- Name string `yaml:"name" json:"name"`
- OpsgenieConfigs []*opsgenieConfig `yaml:"opsgenie_configs,omitempty" json:"opsgenie_configs,omitempty"`
- PagerdutyConfigs []*pagerdutyConfig `yaml:"pagerduty_configs,omitempty" json:"pagerduty_configs,omitempty"`
- SlackConfigs []*slackConfig `yaml:"slack_configs,omitempty" json:"slack_configs,omitempty"`
- WebhookConfigs []*webhookConfig `yaml:"webhook_configs,omitempty" json:"webhook_configs,omitempty"`
- WeChatConfigs []*weChatConfig `yaml:"wechat_configs,omitempty" json:"wechat_config,omitempty"`
- EmailConfigs []*emailConfig `yaml:"email_configs,omitempty" json:"email_configs,omitempty"`
- PushoverConfigs []*pushoverConfig `yaml:"pushover_configs,omitempty" json:"pushover_configs,omitempty"`
- VictorOpsConfigs []*victorOpsConfig `yaml:"victorops_configs,omitempty" json:"victorops_configs,omitempty"`
- SNSConfigs []*snsConfig `yaml:"sns_configs,omitempty" json:"sns_configs,omitempty"`
- TelegramConfigs []*telegramConfig `yaml:"telegram_configs,omitempty" json:"telegram_configs,omitempty"`
+ Name string `yaml:"name"`
+ OpsgenieConfigs []*opsgenieConfig `yaml:"opsgenie_configs,omitempty"`
+ PagerdutyConfigs []*pagerdutyConfig `yaml:"pagerduty_configs,omitempty"`
+ SlackConfigs []*slackConfig `yaml:"slack_configs,omitempty"`
+ WebhookConfigs []*webhookConfig `yaml:"webhook_configs,omitempty"`
+ WeChatConfigs []*weChatConfig `yaml:"wechat_configs,omitempty"`
+ EmailConfigs []*emailConfig `yaml:"email_configs,omitempty"`
+ PushoverConfigs []*pushoverConfig `yaml:"pushover_configs,omitempty"`
+ VictorOpsConfigs []*victorOpsConfig `yaml:"victorops_configs,omitempty"`
+ SNSConfigs []*snsConfig `yaml:"sns_configs,omitempty"`
+ TelegramConfigs []*telegramConfig `yaml:"telegram_configs,omitempty"`
DiscordConfigs []*discordConfig `yaml:"discord_configs,omitempty"`
WebexConfigs []*webexConfig `yaml:"webex_configs,omitempty"`
MSTeamsConfigs []*msTeamsConfig `yaml:"msteams_configs,omitempty"`
MSTeamsV2Configs []*msTeamsV2Config `yaml:"msteamsv2_configs,omitempty"`
JiraConfigs []*jiraConfig `yaml:"jira_configs,omitempty"`
RocketChatConfigs []*rocketChatConfig `yaml:"rocketchat_configs,omitempty"`
+ MattermostConfigs []*mattermostConfig `yaml:"mattermost_configs,omitempty"`
+ IncidentioConfigs []*incidentioConfig `yaml:"incidentio_configs,omitempty"`
}
type webhookConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- URL string `yaml:"url,omitempty" json:"url,omitempty"`
- URLFile string `yaml:"url_file,omitempty" json:"url_file,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
- MaxAlerts int32 `yaml:"max_alerts,omitempty" json:"max_alerts,omitempty"`
- Timeout *model.Duration `yaml:"timeout,omitempty" json:"timeout,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ URL string `yaml:"url,omitempty"`
+ URLFile string `yaml:"url_file,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ MaxAlerts int32 `yaml:"max_alerts,omitempty"`
+ Timeout *model.Duration `yaml:"timeout,omitempty"`
}
type pagerdutyConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
- ServiceKey string `yaml:"service_key,omitempty" json:"service_key,omitempty"`
- ServiceKeyFile string `yaml:"service_key_file,omitempty" json:"service_key_file,omitempty"`
- RoutingKey string `yaml:"routing_key,omitempty" json:"routing_key,omitempty"`
- RoutingKeyFile string `yaml:"routing_key_file,omitempty" json:"routing_key_file,omitempty"`
- URL string `yaml:"url,omitempty" json:"url,omitempty"`
- Client string `yaml:"client,omitempty" json:"client,omitempty"`
- ClientURL string `yaml:"client_url,omitempty" json:"client_url,omitempty"`
- Description string `yaml:"description,omitempty" json:"description,omitempty"`
- Details map[string]string `yaml:"details,omitempty" json:"details,omitempty"`
- Images []pagerdutyImage `yaml:"images,omitempty" json:"images,omitempty"`
- Links []pagerdutyLink `yaml:"links,omitempty" json:"links,omitempty"`
- Severity string `yaml:"severity,omitempty" json:"severity,omitempty"`
- Class string `yaml:"class,omitempty" json:"class,omitempty"`
- Component string `yaml:"component,omitempty" json:"component,omitempty"`
- Group string `yaml:"group,omitempty" json:"group,omitempty"`
- Source string `yaml:"source,omitempty" json:"source,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ ServiceKey string `yaml:"service_key,omitempty"`
+ ServiceKeyFile string `yaml:"service_key_file,omitempty"`
+ RoutingKey string `yaml:"routing_key,omitempty"`
+ RoutingKeyFile string `yaml:"routing_key_file,omitempty"`
+ URL string `yaml:"url,omitempty"`
+ Client string `yaml:"client,omitempty"`
+ ClientURL string `yaml:"client_url,omitempty"`
+ Description string `yaml:"description,omitempty"`
+ Details map[string]string `yaml:"details,omitempty"`
+ Images []pagerdutyImage `yaml:"images,omitempty"`
+ Links []pagerdutyLink `yaml:"links,omitempty"`
+ Severity string `yaml:"severity,omitempty"`
+ Class string `yaml:"class,omitempty"`
+ Component string `yaml:"component,omitempty"`
+ Group string `yaml:"group,omitempty"`
+ Source string `yaml:"source,omitempty"`
+ Timeout *model.Duration `yaml:"timeout,omitempty"`
}
type opsgenieConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
- APIKey string `yaml:"api_key,omitempty" json:"api_key,omitempty"`
- APIKeyFile string `yaml:"api_key_file,omitempty" json:"api_key_file,omitempty"`
- APIURL string `yaml:"api_url,omitempty" json:"api_url,omitempty"`
- Message string `yaml:"message,omitempty" json:"message,omitempty"`
- Description string `yaml:"description,omitempty" json:"description,omitempty"`
- Source string `yaml:"source,omitempty" json:"source,omitempty"`
- Details map[string]string `yaml:"details,omitempty" json:"details,omitempty"`
- Responders []opsgenieResponder `yaml:"responders,omitempty" json:"responders,omitempty"`
- Tags string `yaml:"tags,omitempty" json:"tags,omitempty"`
- Note string `yaml:"note,omitempty" json:"note,omitempty"`
- Priority string `yaml:"priority,omitempty" json:"priority,omitempty"`
- UpdateAlerts *bool `yaml:"update_alerts,omitempty" json:"update_alerts,omitempty"`
- Entity string `yaml:"entity,omitempty" json:"entity,omitempty"`
- Actions string `yaml:"actions,omitempty" json:"actions,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ APIKey string `yaml:"api_key,omitempty"`
+ APIKeyFile string `yaml:"api_key_file,omitempty"`
+ APIURL string `yaml:"api_url,omitempty"`
+ Message string `yaml:"message,omitempty"`
+ Description string `yaml:"description,omitempty"`
+ Source string `yaml:"source,omitempty"`
+ Details map[string]string `yaml:"details,omitempty"`
+ Responders []opsgenieResponder `yaml:"responders,omitempty"`
+ Tags string `yaml:"tags,omitempty"`
+ Note string `yaml:"note,omitempty"`
+ Priority string `yaml:"priority,omitempty"`
+ UpdateAlerts *bool `yaml:"update_alerts,omitempty"`
+ Entity string `yaml:"entity,omitempty"`
+ Actions string `yaml:"actions,omitempty"`
}
type weChatConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- APISecret string `yaml:"api_secret,omitempty" json:"api_secret,omitempty"`
- APIURL string `yaml:"api_url,omitempty" json:"api_url,omitempty"`
- CorpID string `yaml:"corp_id,omitempty" json:"corp_id,omitempty"`
- AgentID string `yaml:"agent_id,omitempty" json:"agent_id,omitempty"`
- ToUser string `yaml:"to_user,omitempty" json:"to_user,omitempty"`
- ToParty string `yaml:"to_party,omitempty" json:"to_party,omitempty"`
- ToTag string `yaml:"to_tag,omitempty" json:"to_tag,omitempty"`
- Message string `yaml:"message,omitempty" json:"message,omitempty"`
- MessageType string `yaml:"message_type,omitempty" json:"message_type,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ APISecret string `yaml:"api_secret,omitempty"`
+ APIURL string `yaml:"api_url,omitempty"`
+ CorpID string `yaml:"corp_id,omitempty"`
+ AgentID string `yaml:"agent_id,omitempty"`
+ ToUser string `yaml:"to_user,omitempty"`
+ ToParty string `yaml:"to_party,omitempty"`
+ ToTag string `yaml:"to_tag,omitempty"`
+ Message string `yaml:"message,omitempty"`
+ MessageType string `yaml:"message_type,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
}
type slackConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
- APIURL string `yaml:"api_url,omitempty" json:"api_url,omitempty"`
- APIURLFile string `yaml:"api_url_file,omitempty" json:"api_url_file,omitempty"`
- Channel string `yaml:"channel,omitempty" json:"channel,omitempty"`
- Username string `yaml:"username,omitempty" json:"username,omitempty"`
- Color string `yaml:"color,omitempty" json:"color,omitempty"`
- Title string `yaml:"title,omitempty" json:"title,omitempty"`
- TitleLink string `yaml:"title_link,omitempty" json:"title_link,omitempty"`
- Pretext string `yaml:"pretext,omitempty" json:"pretext,omitempty"`
- Text string `yaml:"text,omitempty" json:"text,omitempty"`
- Fields []slackField `yaml:"fields,omitempty" json:"fields,omitempty"`
- ShortFields bool `yaml:"short_fields,omitempty" json:"short_fields,omitempty"`
- Footer string `yaml:"footer,omitempty" json:"footer,omitempty"`
- Fallback string `yaml:"fallback,omitempty" json:"fallback,omitempty"`
- CallbackID string `yaml:"callback_id,omitempty" json:"callback_id,omitempty"`
- IconEmoji string `yaml:"icon_emoji,omitempty" json:"icon_emoji,omitempty"`
- IconURL string `yaml:"icon_url,omitempty" json:"icon_url,omitempty"`
- ImageURL string `yaml:"image_url,omitempty" json:"image_url,omitempty"`
- ThumbURL string `yaml:"thumb_url,omitempty" json:"thumb_url,omitempty"`
- LinkNames bool `yaml:"link_names,omitempty" json:"link_names,omitempty"`
- MrkdwnIn []string `yaml:"mrkdwn_in,omitempty" json:"mrkdwn_in,omitempty"`
- Actions []slackAction `yaml:"actions,omitempty" json:"actions,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ APIURL string `yaml:"api_url,omitempty"`
+ APIURLFile string `yaml:"api_url_file,omitempty"`
+ AppToken string `yaml:"app_token,omitempty"`
+ AppTokenFile string `yaml:"app_token_file,omitempty"`
+ AppURL string `yaml:"app_url,omitempty"`
+ Channel string `yaml:"channel,omitempty"`
+ Username string `yaml:"username,omitempty"`
+ Color string `yaml:"color,omitempty"`
+ Title string `yaml:"title,omitempty"`
+ TitleLink string `yaml:"title_link,omitempty"`
+ Pretext string `yaml:"pretext,omitempty"`
+ Text string `yaml:"text,omitempty"`
+ Fields []slackField `yaml:"fields,omitempty"`
+ ShortFields bool `yaml:"short_fields,omitempty"`
+ Footer string `yaml:"footer,omitempty"`
+ Fallback string `yaml:"fallback,omitempty"`
+ CallbackID string `yaml:"callback_id,omitempty"`
+ IconEmoji string `yaml:"icon_emoji,omitempty"`
+ IconURL string `yaml:"icon_url,omitempty"`
+ ImageURL string `yaml:"image_url,omitempty"`
+ ThumbURL string `yaml:"thumb_url,omitempty"`
+ LinkNames bool `yaml:"link_names,omitempty"`
+ MrkdwnIn []string `yaml:"mrkdwn_in,omitempty"`
+ Actions []slackAction `yaml:"actions,omitempty"`
+ Timeout *model.Duration `yaml:"timeout,omitempty"`
}
type httpClientConfig struct {
@@ -247,7 +257,7 @@ type authorization struct {
}
type basicAuth struct {
- Username string `yaml:"username"`
+ Username string `yaml:"username,omitempty"`
Password string `yaml:"password,omitempty"`
PasswordFile string `yaml:"password_file,omitempty"`
}
@@ -265,109 +275,109 @@ type oauth2 struct {
}
type pagerdutyLink struct {
- Href string `yaml:"href,omitempty" json:"href,omitempty"`
- Text string `yaml:"text,omitempty" json:"text,omitempty"`
+ Href string `yaml:"href,omitempty"`
+ Text string `yaml:"text,omitempty"`
}
type pagerdutyImage struct {
- Src string `yaml:"src,omitempty" json:"src,omitempty"`
- Alt string `yaml:"alt,omitempty" json:"alt,omitempty"`
- Href string `yaml:"href,omitempty" json:"href,omitempty"`
+ Src string `yaml:"src,omitempty"`
+ Alt string `yaml:"alt,omitempty"`
+ Href string `yaml:"href,omitempty"`
}
type opsgenieResponder struct {
- ID string `yaml:"id,omitempty" json:"id,omitempty"`
- Name string `yaml:"name,omitempty" json:"name,omitempty"`
- Username string `yaml:"username,omitempty" json:"username,omitempty"`
- Type string `yaml:"type,omitempty" json:"type,omitempty"`
+ ID string `yaml:"id,omitempty"`
+ Name string `yaml:"name,omitempty"`
+ Username string `yaml:"username,omitempty"`
+ Type string `yaml:"type,omitempty"`
}
type slackField struct {
- Title string `yaml:"title,omitempty" json:"title,omitempty"`
- Value string `yaml:"value,omitempty" json:"value,omitempty"`
- Short bool `yaml:"short,omitempty" json:"short,omitempty"`
+ Title string `yaml:"title,omitempty"`
+ Value string `yaml:"value,omitempty"`
+ Short bool `yaml:"short,omitempty"`
}
type slackAction struct {
- Type string `yaml:"type,omitempty" json:"type,omitempty"`
- Text string `yaml:"text,omitempty" json:"text,omitempty"`
- URL string `yaml:"url,omitempty" json:"url,omitempty"`
- Style string `yaml:"style,omitempty" json:"style,omitempty"`
- Name string `yaml:"name,omitempty" json:"name,omitempty"`
- Value string `yaml:"value,omitempty" json:"value,omitempty"`
- ConfirmField *slackConfirmationField `yaml:"confirm,omitempty" json:"confirm,omitempty"`
+ Type string `yaml:"type,omitempty"`
+ Text string `yaml:"text,omitempty"`
+ URL string `yaml:"url,omitempty"`
+ Style string `yaml:"style,omitempty"`
+ Name string `yaml:"name,omitempty"`
+ Value string `yaml:"value,omitempty"`
+ ConfirmField *slackConfirmationField `yaml:"confirm,omitempty"`
}
type slackConfirmationField struct {
- Text string `yaml:"text,omitempty" json:"text,omitempty"`
- Title string `yaml:"title,omitempty" json:"title,omitempty"`
- OkText string `yaml:"ok_text,omitempty" json:"ok_text,omitempty"`
- DismissText string `yaml:"dismiss_text,omitempty" json:"dismiss_text,omitempty"`
+ Text string `yaml:"text,omitempty"`
+ Title string `yaml:"title,omitempty"`
+ OkText string `yaml:"ok_text,omitempty"`
+ DismissText string `yaml:"dismiss_text,omitempty"`
}
type emailConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- To string `yaml:"to,omitempty" json:"to,omitempty"`
- From string `yaml:"from,omitempty" json:"from,omitempty"`
- Hello string `yaml:"hello,omitempty" json:"hello,omitempty"`
- Smarthost config.HostPort `yaml:"smarthost,omitempty" json:"smarthost,omitempty"`
- AuthUsername string `yaml:"auth_username,omitempty" json:"auth_username,omitempty"`
- AuthPassword string `yaml:"auth_password,omitempty" json:"auth_password,omitempty"`
- AuthPasswordFile string `yaml:"auth_password_file,omitempty" json:"auth_password_file,omitempty"`
- AuthSecret string `yaml:"auth_secret,omitempty" json:"auth_secret,omitempty"`
- AuthIdentity string `yaml:"auth_identity,omitempty" json:"auth_identity,omitempty"`
- Headers map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"`
- HTML *string `yaml:"html,omitempty" json:"html,omitempty"`
- Text *string `yaml:"text,omitempty" json:"text,omitempty"`
- RequireTLS *bool `yaml:"require_tls,omitempty" json:"require_tls,omitempty"`
- TLSConfig *tlsConfig `yaml:"tls_config,omitempty" json:"tls_config,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ To string `yaml:"to,omitempty"`
+ From string `yaml:"from,omitempty"`
+ Hello string `yaml:"hello,omitempty"`
+ Smarthost config.HostPort `yaml:"smarthost,omitempty"`
+ AuthUsername string `yaml:"auth_username,omitempty"`
+ AuthPassword string `yaml:"auth_password,omitempty"`
+ AuthPasswordFile string `yaml:"auth_password_file,omitempty"`
+ AuthSecret string `yaml:"auth_secret,omitempty"`
+ AuthIdentity string `yaml:"auth_identity,omitempty"`
+ Headers map[string]string `yaml:"headers,omitempty"`
+ HTML *string `yaml:"html,omitempty"`
+ Text *string `yaml:"text,omitempty"`
+ RequireTLS *bool `yaml:"require_tls,omitempty"`
+ TLSConfig *tlsConfig `yaml:"tls_config,omitempty"`
}
type pushoverConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
- UserKey string `yaml:"user_key,omitempty" json:"user_key,omitempty"`
- UserKeyFile string `yaml:"user_key_file,omitempty" json:"user_key_file,omitempty"`
- Token string `yaml:"token,omitempty" json:"token,omitempty"`
- TokenFile string `yaml:"token_file,omitempty" json:"token_file,omitempty"`
- Title string `yaml:"title,omitempty" json:"title,omitempty"`
- Message string `yaml:"message,omitempty" json:"message,omitempty"`
- URL string `yaml:"url,omitempty" json:"url,omitempty"`
- URLTitle string `yaml:"url_title,omitempty" json:"url_title,omitempty"`
- TTL string `yaml:"ttl,omitempty" json:"ttl,omitempty"`
- Device string `yaml:"device,omitempty" json:"device,omitempty"`
- Sound string `yaml:"sound,omitempty" json:"sound,omitempty"`
- Priority string `yaml:"priority,omitempty" json:"priority,omitempty"`
- Retry *model.Duration `yaml:"retry,omitempty" json:"retry,omitempty"`
- Expire *model.Duration `yaml:"expire,omitempty" json:"expire,omitempty"`
- HTML *bool `yaml:"html,omitempty" json:"html,omitempty"`
- Monospace *bool `yaml:"monospace,omitempty" json:"monospace,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ UserKey string `yaml:"user_key,omitempty"`
+ UserKeyFile string `yaml:"user_key_file,omitempty"`
+ Token string `yaml:"token,omitempty"`
+ TokenFile string `yaml:"token_file,omitempty"`
+ Title string `yaml:"title,omitempty"`
+ Message string `yaml:"message,omitempty"`
+ URL string `yaml:"url,omitempty"`
+ URLTitle string `yaml:"url_title,omitempty"`
+ TTL string `yaml:"ttl,omitempty"`
+ Device string `yaml:"device,omitempty"`
+ Sound string `yaml:"sound,omitempty"`
+ Priority string `yaml:"priority,omitempty"`
+ Retry *model.Duration `yaml:"retry,omitempty"`
+ Expire *model.Duration `yaml:"expire,omitempty"`
+ HTML *bool `yaml:"html,omitempty"`
+ Monospace *bool `yaml:"monospace,omitempty"`
}
type snsConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
- APIUrl string `yaml:"api_url,omitempty" json:"api_url,omitempty"`
- Sigv4 sigV4Config `yaml:"sigv4,omitempty" json:"sigv4,omitempty"`
- TopicARN string `yaml:"topic_arn,omitempty" json:"topic_arn,omitempty"`
- PhoneNumber string `yaml:"phone_number,omitempty" json:"phone_number,omitempty"`
- TargetARN string `yaml:"target_arn,omitempty" json:"target_arn,omitempty"`
- Subject string `yaml:"subject,omitempty" json:"subject,omitempty"`
- Message string `yaml:"message,omitempty" json:"message,omitempty"`
- Attributes map[string]string `yaml:"attributes,omitempty" json:"attributes,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ APIUrl string `yaml:"api_url,omitempty"`
+ Sigv4 sigV4Config `yaml:"sigv4,omitempty"`
+ TopicARN string `yaml:"topic_arn,omitempty"`
+ PhoneNumber string `yaml:"phone_number,omitempty"`
+ TargetARN string `yaml:"target_arn,omitempty"`
+ Subject string `yaml:"subject,omitempty"`
+ Message string `yaml:"message,omitempty"`
+ Attributes map[string]string `yaml:"attributes,omitempty"`
}
type telegramConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- APIUrl string `yaml:"api_url,omitempty" json:"api_url,omitempty"`
- BotToken string `yaml:"bot_token,omitempty" json:"bot_token,omitempty"`
- BotTokenFile string `yaml:"bot_token_file,omitempty" json:"bot_token_file,omitempty"`
- ChatID int64 `yaml:"chat_id,omitempty" json:"chat_id,omitempty"`
- MessageThreadID int `yaml:"message_thread_id,omitempty" json:"message_thread_id,omitempty"`
- Message string `yaml:"message,omitempty" json:"message,omitempty"`
- DisableNotifications bool `yaml:"disable_notifications,omitempty" json:"disable_notifications,omitempty"`
- ParseMode string `yaml:"parse_mode,omitempty" json:"parse_mode,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ APIUrl string `yaml:"api_url,omitempty"`
+ BotToken string `yaml:"bot_token,omitempty"`
+ BotTokenFile string `yaml:"bot_token_file,omitempty"`
+ ChatID int64 `yaml:"chat_id,omitempty"`
+ MessageThreadID int `yaml:"message_thread_id,omitempty"`
+ Message string `yaml:"message,omitempty"`
+ DisableNotifications bool `yaml:"disable_notifications,omitempty"`
+ ParseMode string `yaml:"parse_mode,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
}
type discordConfig struct {
@@ -390,25 +400,25 @@ type webexConfig struct {
}
type sigV4Config struct {
- Region string `yaml:"region,omitempty" json:"region,omitempty"`
- AccessKey string `yaml:"access_key,omitempty" json:"access_key,omitempty"`
- SecretKey string `yaml:"secret_key,omitempty" json:"secret_key,omitempty"`
- Profile string `yaml:"profile,omitempty" json:"profile,omitempty"`
- RoleARN string `yaml:"role_arn,omitempty" json:"role_arn,omitempty"`
+ Region string `yaml:"region,omitempty"`
+ AccessKey string `yaml:"access_key,omitempty"`
+ SecretKey string `yaml:"secret_key,omitempty"`
+ Profile string `yaml:"profile,omitempty"`
+ RoleARN string `yaml:"role_arn,omitempty"`
}
type victorOpsConfig struct {
- VSendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
- HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
- APIKey string `yaml:"api_key,omitempty" json:"api_key,omitempty"`
- APIKeyFile string `yaml:"api_key_file,omitempty" json:"api_key_file,omitempty"`
- APIURL string `yaml:"api_url,omitempty" json:"api_url,omitempty"`
- RoutingKey string `yaml:"routing_key,omitempty" json:"routing_key,omitempty"`
- MessageType string `yaml:"message_type,omitempty" json:"message_type,omitempty"`
- StateMessage string `yaml:"state_message,omitempty" json:"state_message,omitempty"`
- EntityDisplayName string `yaml:"entity_display_name,omitempty" json:"entity_display_name,omitempty"`
- MonitoringTool string `yaml:"monitoring_tool,omitempty" json:"monitoring_tool,omitempty"`
- CustomFields map[string]string `yaml:"custom_fields,omitempty" json:"custom_fields,omitempty"`
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ APIKey string `yaml:"api_key,omitempty"`
+ APIKeyFile string `yaml:"api_key_file,omitempty"`
+ APIURL string `yaml:"api_url,omitempty"`
+ RoutingKey string `yaml:"routing_key,omitempty"`
+ MessageType string `yaml:"message_type,omitempty"`
+ StateMessage string `yaml:"state_message,omitempty"`
+ EntityDisplayName string `yaml:"entity_display_name,omitempty"`
+ MonitoringTool string `yaml:"monitoring_tool,omitempty"`
+ CustomFields map[string]string `yaml:"custom_fields,omitempty"`
}
type msTeamsConfig struct {
@@ -444,6 +454,7 @@ type jiraConfig struct {
WontFixResolution string `yaml:"wont_fix_resolution,omitempty"`
ReopenDuration model.Duration `yaml:"reopen_duration,omitempty"`
Fields map[string]any `yaml:"fields,omitempty"`
+ APIType string `yaml:"api_type,omitempty"`
}
type rocketchatAttachmentField struct {
@@ -488,4 +499,63 @@ type rocketChatConfig struct {
Actions []*rocketchatAttachmentAction `yaml:"actions,omitempty"`
}
+type mattermostConfig struct {
+ SendResolved *bool `yaml:"send_resolved,omitempty" json:"send_resolved,omitempty"`
+ WebhookURL string `yaml:"webhook_url,omitempty" json:"webhook_url,omitempty"`
+ WebhookURLFile string `yaml:"webhook_url_file,omitempty" json:"webhook_url_file,omitempty"`
+ Channel string `yaml:"channel,omitempty" json:"channel,omitempty"`
+ Username string `yaml:"username,omitempty" json:"username,omitempty"`
+ Text string `yaml:"text" json:"text"`
+ IconURL string `yaml:"icon_url,omitempty" json:"icon_url,omitempty"`
+ IconEmoji string `yaml:"icon_emoji,omitempty" json:"icon_emoji,omitempty"`
+ Attachments []*mattermostAttachmentConfig `yaml:"attachments,omitempty" json:"attachments,omitempty"`
+ Props *mattermostPropsConfig `yaml:"props,omitempty" json:"props,omitempty"`
+ Priority *mattermostPriorityConfig `yaml:"priority,omitempty" json:"priority,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
+}
+
+type mattermostAttachmentConfig struct {
+ Fallback string `yaml:"fallback,omitempty" json:"fallback,omitempty"`
+ Color string `yaml:"color,omitempty" json:"color,omitempty"`
+ Pretext string `yaml:"pretext,omitempty" json:"pretext,omitempty"`
+ Text string `yaml:"text,omitempty" json:"text,omitempty"`
+ AuthorName string `yaml:"author_name,omitempty" json:"author_name,omitempty"`
+ AuthorLink string `yaml:"author_link,omitempty" json:"author_link,omitempty"`
+ AuthorIcon string `yaml:"author_icon,omitempty" json:"author_icon,omitempty"`
+ Title string `yaml:"title,omitempty" json:"title,omitempty"`
+ TitleLink string `yaml:"title_link,omitempty" json:"title_link,omitempty"`
+ Fields []mattermostField `yaml:"fields,omitempty" json:"fields,omitempty"`
+ ThumbURL string `yaml:"thumb_url,omitempty" json:"thumb_url,omitempty"`
+ Footer string `yaml:"footer,omitempty" json:"footer,omitempty"`
+ FooterIcon string `yaml:"footer_icon,omitempty" json:"footer_icon,omitempty"`
+ ImageURL string `yaml:"image_url,omitempty" json:"image_url,omitempty"`
+}
+
+type mattermostField struct {
+ Title string `yaml:"title,omitempty" json:"title,omitempty"`
+ Value string `yaml:"value,omitempty" json:"value,omitempty"`
+ Short bool `yaml:"short,omitempty" json:"short,omitempty"`
+}
+
+type mattermostPropsConfig struct {
+ Card *string `yaml:"card,omitempty" json:"card,omitempty"`
+}
+
+type mattermostPriorityConfig struct {
+ Priority string `yaml:"priority,omitempty" json:"priority,omitempty"`
+ RequestedAck *bool `yaml:"requested_ack,omitempty" json:"requested_ack,omitempty"`
+ PersistentNotifications *bool `yaml:"persistent_notifications,omitempty" json:"persistent_notifications,omitempty"`
+}
+
+type incidentioConfig struct {
+ VSendResolved *bool `yaml:"send_resolved,omitempty"`
+ HTTPConfig *httpClientConfig `yaml:"http_config,omitempty"`
+ URL string `yaml:"url,omitempty"`
+ URLFile string `yaml:"url_file,omitempty"`
+ AlertSourceToken string `yaml:"alert_source_token,omitempty"`
+ AlertSourceTokenFile string `yaml:"alert_source_token_file,omitempty"`
+ MaxAlerts *int32 `yaml:"max_alerts,omitempty"`
+ Timeout *model.Duration `yaml:"timeout,omitempty"`
+}
+
type timeInterval config.TimeInterval
diff --git a/pkg/alertmanager/validation/v1/validation.go b/pkg/alertmanager/validation/v1/validation.go
index c8e64d72fd9..31eec6d27ff 100644
--- a/pkg/alertmanager/validation/v1/validation.go
+++ b/pkg/alertmanager/validation/v1/validation.go
@@ -17,6 +17,7 @@ package v1
import (
"fmt"
+ "github.com/prometheus-operator/prometheus-operator/pkg/alertmanager/validation"
monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
)
@@ -25,9 +26,25 @@ func ValidateAlertmanagerGlobalConfig(gc *monitoringv1.AlertmanagerGlobalConfig)
return nil
}
- if err := gc.HTTPConfig.Validate(); err != nil {
+ if err := gc.HTTPConfigWithProxy.Validate(); err != nil {
return fmt.Errorf("httpConfig: %w", err)
}
+ if err := validateGlobalWeChatConfig(gc.WeChatConfig); err != nil {
+ return fmt.Errorf("wechatConfig: %w", err)
+ }
+
+ return nil
+}
+
+func validateGlobalWeChatConfig(wc *monitoringv1.GlobalWeChatConfig) error {
+ if wc == nil {
+ return nil
+ }
+
+ if err := validation.ValidateURLPtr((*string)(wc.APIURL)); err != nil {
+ return fmt.Errorf("invalid apiURL: %w", err)
+ }
+
return nil
}
diff --git a/pkg/alertmanager/validation/v1alpha1/validation.go b/pkg/alertmanager/validation/v1alpha1/validation.go
index a0b7dc22257..3fc0d5365fd 100644
--- a/pkg/alertmanager/validation/v1alpha1/validation.go
+++ b/pkg/alertmanager/validation/v1alpha1/validation.go
@@ -114,23 +114,37 @@ func validateReceivers(receivers []monitoringv1alpha1.Receiver) (map[string]stru
if err := validateMSTeamsV2Configs(receiver.MSTeamsV2Configs); err != nil {
return nil, fmt.Errorf("failed to validate 'msteamsv2Config' - receiver %s: %w", receiver.Name, err)
}
-
}
return receiverNames, nil
}
func validatePagerDutyConfigs(configs []monitoringv1alpha1.PagerDutyConfig) error {
- for _, conf := range configs {
- if conf.URL != "" {
- if _, err := validation.ValidateURL(conf.URL); err != nil {
- return fmt.Errorf("pagerduty validation failed for 'url': %w", err)
- }
+ for i, conf := range configs {
+ if err := validation.ValidateURLPtr((*string)(conf.URL)); err != nil {
+ return fmt.Errorf("[%d]: url: %w", i, err)
+ }
+
+ if err := validation.ValidateURLPtr((*string)(conf.ClientURL)); err != nil {
+ return fmt.Errorf("[%d]: clientURL: %w", i, err)
}
+
if conf.RoutingKey == nil && conf.ServiceKey == nil {
return errors.New("one of 'routingKey' or 'serviceKey' is required")
}
+ for j, lc := range conf.PagerDutyLinkConfigs {
+ if err := validation.ValidateURLPtr((*string)(lc.Href)); err != nil {
+ return fmt.Errorf("[%d]: pagerDutyLinkConfigs[%d]: href: %w", i, j, err)
+ }
+ }
+
+ for j, ic := range conf.PagerDutyImageConfigs {
+ if err := validation.ValidateURLPtr((*string)(ic.Href)); err != nil {
+ return fmt.Errorf("[%d]: pagerDutyImageConfigs[%d]: href: %w", i, j, err)
+ }
+ }
+
if err := conf.HTTPConfig.Validate(); err != nil {
return err
}
@@ -139,20 +153,20 @@ func validatePagerDutyConfigs(configs []monitoringv1alpha1.PagerDutyConfig) erro
}
func validateOpsGenieConfigs(configs []monitoringv1alpha1.OpsGenieConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if err := config.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
- if config.APIURL != "" {
- if _, err := validation.ValidateURL(config.APIURL); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
+
return nil
}
@@ -166,26 +180,43 @@ func validateDiscordConfigs(configs []monitoringv1alpha1.DiscordConfig) error {
}
func validateRocketchatConfigs(configs []monitoringv1alpha1.RocketChatConfig) error {
- for _, config := range configs {
- if config.APIURL != nil && *config.APIURL != "" {
- if _, err := validation.ValidateURL(string(*config.APIURL)); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+ for i, config := range configs {
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
+
return nil
}
func validateSlackConfigs(configs []monitoringv1alpha1.SlackConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if err := config.Validate(); err != nil {
return err
}
+ if err := validation.ValidateURLPtr((*string)(config.IconURL)); err != nil {
+ return fmt.Errorf("[%d]: iconURL: %w", i, err)
+ }
+
+ if err := validation.ValidateURLPtr((*string)(config.ImageURL)); err != nil {
+ return fmt.Errorf("[%d]: imageURL: %w", i, err)
+ }
+
+ if err := validation.ValidateURLPtr((*string)(config.ThumbURL)); err != nil {
+ return fmt.Errorf("[%d]: thumbURL: %w", i, err)
+ }
+
+ for j, sa := range config.Actions {
+ if err := validation.ValidateURLPtr((*string)(sa.URL)); err != nil {
+ return fmt.Errorf("[%d]: invalid 'action'[%d]: url: %w", i, j, err)
+ }
+ }
+
if err := config.HTTPConfig.Validate(); err != nil {
return err
}
@@ -194,35 +225,34 @@ func validateSlackConfigs(configs []monitoringv1alpha1.SlackConfig) error {
}
func validateWebhookConfigs(configs []monitoringv1alpha1.WebhookConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if config.URL == nil && config.URLSecret == nil {
- return errors.New("one of 'url' or 'urlSecret' must be specified")
+ return fmt.Errorf("[%d]: one of 'url' or 'urlSecret' must be specified", i)
}
- if config.URL != nil {
- if _, err := validation.ValidateURL(*config.URL); err != nil {
- return fmt.Errorf("invalid 'url': %w", err)
- }
+
+ if err := validation.ValidateURLPtr((*string)(config.URL)); err != nil {
+ return fmt.Errorf("[%d]: url: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
+
return nil
}
func validateWechatConfigs(configs []monitoringv1alpha1.WeChatConfig) error {
- for _, config := range configs {
- if config.APIURL != "" {
- if _, err := validation.ValidateURL(config.APIURL); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+ for i, config := range configs {
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
+
return nil
}
@@ -255,7 +285,7 @@ func validateEmailConfig(configs []monitoringv1alpha1.EmailConfig) error {
}
func validateVictorOpsConfigs(configs []monitoringv1alpha1.VictorOpsConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
// from https://github.com/prometheus/alertmanager/blob/a7f9fdadbecbb7e692d2cd8d3334e3d6de1602e1/config/notifiers.go#L497
reservedFields := map[string]struct{}{
@@ -280,10 +310,8 @@ func validateVictorOpsConfigs(configs []monitoringv1alpha1.VictorOpsConfig) erro
return errors.New("missing 'routingKey' key")
}
- if config.APIURL != "" {
- if _, err := validation.ValidateURL(config.APIURL); err != nil {
- return fmt.Errorf("'apiURL' %s invalid: %w", config.APIURL, err)
- }
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
@@ -294,7 +322,7 @@ func validateVictorOpsConfigs(configs []monitoringv1alpha1.VictorOpsConfig) erro
}
func validatePushoverConfigs(configs []monitoringv1alpha1.PushoverConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if config.UserKey == nil && config.UserKeyFile == nil {
return fmt.Errorf("one of userKey or userKeyFile must be configured")
}
@@ -307,6 +335,10 @@ func validatePushoverConfigs(configs []monitoringv1alpha1.PushoverConfig) error
return fmt.Errorf("html and monospace options are mutually exclusive")
}
+ if err := validation.ValidateURLPtr((*string)(config.URL)); err != nil {
+ return fmt.Errorf("[%d]: url: %w", i, err)
+ }
+
if err := config.HTTPConfig.Validate(); err != nil {
return err
}
@@ -329,18 +361,21 @@ func validateSnsConfigs(configs []monitoringv1alpha1.SNSConfig) error {
}
func validateTelegramConfigs(configs []monitoringv1alpha1.TelegramConfig) error {
- for _, config := range configs {
-
+ for i, config := range configs {
if config.BotToken == nil && config.BotTokenFile == nil {
- return fmt.Errorf("mandatory field botToken or botTokenfile is empty")
+ return fmt.Errorf("[%d]: mandatory field botToken or botTokenfile is empty", i)
}
if config.ChatID == 0 {
- return fmt.Errorf("mandatory field %q is empty", "chatID")
+ return fmt.Errorf("[%d]: mandatory field %q is empty", i, "chatID")
+ }
+
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
@@ -348,15 +383,13 @@ func validateTelegramConfigs(configs []monitoringv1alpha1.TelegramConfig) error
}
func validateWebexConfigs(configs []monitoringv1alpha1.WebexConfig) error {
- for _, config := range configs {
- if config.APIURL != nil && *config.APIURL != "" {
- if _, err := validation.ValidateURL(string(*config.APIURL)); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+ for i, config := range configs {
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
diff --git a/pkg/alertmanager/validation/v1beta1/validation.go b/pkg/alertmanager/validation/v1beta1/validation.go
index 154128ebe0a..f0dcfbf186a 100644
--- a/pkg/alertmanager/validation/v1beta1/validation.go
+++ b/pkg/alertmanager/validation/v1beta1/validation.go
@@ -114,23 +114,37 @@ func validateReceivers(receivers []monitoringv1beta1.Receiver) (map[string]struc
if err := validateMSTeamsV2Configs(receiver.MSTeamsV2Configs); err != nil {
return nil, fmt.Errorf("failed to validate 'msteamsv2Config' - receiver %s: %w", receiver.Name, err)
}
-
}
return receiverNames, nil
}
func validatePagerDutyConfigs(configs []monitoringv1beta1.PagerDutyConfig) error {
- for _, conf := range configs {
- if conf.URL != "" {
- if _, err := validation.ValidateURL(conf.URL); err != nil {
- return fmt.Errorf("pagerduty validation failed for 'url': %w", err)
- }
+ for i, conf := range configs {
+ if err := validation.ValidateURLPtr((*string)(conf.URL)); err != nil {
+ return fmt.Errorf("[%d]: url: %w", i, err)
+ }
+
+ if err := validation.ValidateURLPtr((*string)(conf.ClientURL)); err != nil {
+ return fmt.Errorf("[%d]: clientURL: %w", i, err)
}
+
if conf.RoutingKey == nil && conf.ServiceKey == nil {
return errors.New("one of 'routingKey' or 'serviceKey' is required")
}
+ for j, lc := range conf.PagerDutyLinkConfigs {
+ if err := validation.ValidateURLPtr((*string)(lc.Href)); err != nil {
+ return fmt.Errorf("[%d]: pagerDutyLinkConfigs[%d]: href: %w", i, j, err)
+ }
+ }
+
+ for j, ic := range conf.PagerDutyImageConfigs {
+ if err := validation.ValidateURLPtr((*string)(ic.Href)); err != nil {
+ return fmt.Errorf("[%d]: pagerDutyImageConfigs[%d]: href: %w", i, j, err)
+ }
+ }
+
if err := conf.HTTPConfig.Validate(); err != nil {
return err
}
@@ -139,29 +153,47 @@ func validatePagerDutyConfigs(configs []monitoringv1beta1.PagerDutyConfig) error
}
func validateOpsGenieConfigs(configs []monitoringv1beta1.OpsGenieConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if err := config.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
- if config.APIURL != "" {
- if _, err := validation.ValidateURL(config.APIURL); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
+
return nil
}
func validateSlackConfigs(configs []monitoringv1beta1.SlackConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if err := config.Validate(); err != nil {
return err
}
+ if err := validation.ValidateURLPtr((*string)(config.IconURL)); err != nil {
+ return fmt.Errorf("[%d]: iconURL: %w", i, err)
+ }
+
+ if err := validation.ValidateURLPtr((*string)(config.ImageURL)); err != nil {
+ return fmt.Errorf("[%d]: imageURL: %w", i, err)
+ }
+
+ if err := validation.ValidateURLPtr((*string)(config.ThumbURL)); err != nil {
+ return fmt.Errorf("[%d]: thumbURL: %w", i, err)
+ }
+
+ for j, sa := range config.Actions {
+ if err := validation.ValidateURLPtr((*string)(sa.URL)); err != nil {
+ return fmt.Errorf("[%d]: invalid 'action'[%d]: url: %w", i, j, err)
+ }
+ }
+
if err := config.HTTPConfig.Validate(); err != nil {
return err
}
@@ -170,35 +202,34 @@ func validateSlackConfigs(configs []monitoringv1beta1.SlackConfig) error {
}
func validateWebhookConfigs(configs []monitoringv1beta1.WebhookConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if config.URL == nil && config.URLSecret == nil {
- return errors.New("one of 'url' or 'urlSecret' must be specified")
+ return fmt.Errorf("[%d]: one of 'url' or 'urlSecret' must be specified", i)
}
- if config.URL != nil {
- if _, err := validation.ValidateURL(*config.URL); err != nil {
- return fmt.Errorf("invalid 'url': %w", err)
- }
+
+ if err := validation.ValidateURLPtr((*string)(config.URL)); err != nil {
+ return fmt.Errorf("[%d]: url: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
+
return nil
}
func validateWechatConfigs(configs []monitoringv1beta1.WeChatConfig) error {
- for _, config := range configs {
- if config.APIURL != "" {
- if _, err := validation.ValidateURL(config.APIURL); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+ for i, config := range configs {
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
+
return nil
}
@@ -231,7 +262,7 @@ func validateEmailConfig(configs []monitoringv1beta1.EmailConfig) error {
}
func validateVictorOpsConfigs(configs []monitoringv1beta1.VictorOpsConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
// from https://github.com/prometheus/alertmanager/blob/a7f9fdadbecbb7e692d2cd8d3334e3d6de1602e1/config/notifiers.go#L497
reservedFields := map[string]struct{}{
@@ -256,10 +287,8 @@ func validateVictorOpsConfigs(configs []monitoringv1beta1.VictorOpsConfig) error
return errors.New("missing 'routingKey' key")
}
- if config.APIURL != "" {
- if _, err := validation.ValidateURL(config.APIURL); err != nil {
- return fmt.Errorf("'apiURL' %s invalid: %w", config.APIURL, err)
- }
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
@@ -270,7 +299,7 @@ func validateVictorOpsConfigs(configs []monitoringv1beta1.VictorOpsConfig) error
}
func validatePushoverConfigs(configs []monitoringv1beta1.PushoverConfig) error {
- for _, config := range configs {
+ for i, config := range configs {
if config.UserKey == nil && config.UserKeyFile == nil {
return fmt.Errorf("one of userKey or userKeyFile must be configured")
}
@@ -283,6 +312,10 @@ func validatePushoverConfigs(configs []monitoringv1beta1.PushoverConfig) error {
return fmt.Errorf("html and monospace options are mutually exclusive")
}
+ if err := validation.ValidateURLPtr((*string)(config.URL)); err != nil {
+ return fmt.Errorf("[%d]: url: %w", i, err)
+ }
+
if err := config.HTTPConfig.Validate(); err != nil {
return err
}
@@ -305,18 +338,21 @@ func validateSnsConfigs(configs []monitoringv1beta1.SNSConfig) error {
}
func validateTelegramConfigs(configs []monitoringv1beta1.TelegramConfig) error {
- for _, config := range configs {
-
+ for i, config := range configs {
if config.BotToken == nil && config.BotTokenFile == nil {
- return fmt.Errorf("mandatory field botToken or botTokenfile is empty")
+ return fmt.Errorf("[%d]: mandatory field botToken or botTokenfile is empty", i)
}
if config.ChatID == 0 {
- return fmt.Errorf("mandatory field %q is empty", "chatID")
+ return fmt.Errorf("[%d]: mandatory field %q is empty", i, "chatID")
+ }
+
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
@@ -324,15 +360,13 @@ func validateTelegramConfigs(configs []monitoringv1beta1.TelegramConfig) error {
}
func validateWebexConfigs(configs []monitoringv1beta1.WebexConfig) error {
- for _, config := range configs {
- if config.APIURL != nil && *config.APIURL != "" {
- if _, err := validation.ValidateURL(string(*config.APIURL)); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+ for i, config := range configs {
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
@@ -350,15 +384,13 @@ func validateDiscordConfigs(configs []monitoringv1beta1.DiscordConfig) error {
}
func validateRocketchatConfigs(configs []monitoringv1beta1.RocketChatConfig) error {
- for _, config := range configs {
- if config.APIURL != nil && *config.APIURL != "" {
- if _, err := validation.ValidateURL(string(*config.APIURL)); err != nil {
- return fmt.Errorf("invalid 'apiURL': %w", err)
- }
+ for i, config := range configs {
+ if err := validation.ValidateURLPtr((*string)(config.APIURL)); err != nil {
+ return fmt.Errorf("[%d]: apiURL: %w", i, err)
}
if err := config.HTTPConfig.Validate(); err != nil {
- return err
+ return fmt.Errorf("[%d]: %w", i, err)
}
}
diff --git a/pkg/alertmanager/validation/v1beta1/validation_test.go b/pkg/alertmanager/validation/v1beta1/validation_test.go
index 74fea8c05c5..fd267183014 100644
--- a/pkg/alertmanager/validation/v1beta1/validation_test.go
+++ b/pkg/alertmanager/validation/v1beta1/validation_test.go
@@ -83,8 +83,8 @@ func TestValidateAlertmanagerConfig(t *testing.T) {
{
Type: "a",
Text: "b",
- URL: "www.test.com",
- Name: "c",
+ URL: ptr.To(monitoringv1beta1.URL("www.test.com")),
+ Name: ptr.To("c"),
ConfirmField: &monitoringv1beta1.SlackConfirmationField{
Text: "d",
},
@@ -132,7 +132,7 @@ func TestValidateAlertmanagerConfig(t *testing.T) {
Name: "different",
WeChatConfigs: []monitoringv1beta1.WeChatConfig{
{
- APIURL: "http://%>= 0.24.0.
@@ -349,7 +382,7 @@ type AlertmanagerSpec struct {
// automountServiceAccountToken defines whether a service account token should be automatically mounted in the pod.
// If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials.
// +optional
- AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"`
+ AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"` // nolint:kubeapilinter
// enableFeatures defines the Alertmanager's feature flags. By default, no features are enabled.
// Enabling features which are disabled by default is entirely outside the
// scope of what the maintainers will support and by doing so, you accept
@@ -385,7 +418,7 @@ type AlertmanagerSpec struct {
// Starting Kubernetes 1.33, the feature is enabled by default.
//
// +optional
- HostUsers *bool `json:"hostUsers,omitempty"`
+ HostUsers *bool `json:"hostUsers,omitempty"` // nolint:kubeapilinter
}
type AlertmanagerConfigMatcherStrategy struct {
@@ -452,7 +485,7 @@ type AlertmanagerGlobalConfig struct {
// httpConfig defines the default HTTP configuration.
// +optional
- HTTPConfig *HTTPConfig `json:"httpConfig,omitempty"`
+ HTTPConfigWithProxy *HTTPConfigWithProxy `json:"httpConfig,omitempty"`
// slackApiUrl defines the default Slack API URL.
// +optional
@@ -486,7 +519,7 @@ type AlertmanagerGlobalConfig struct {
// +optional
RocketChatConfig *GlobalRocketChatConfig `json:"rocketChat,omitempty"`
- // webex defines the default configuration for Jira.
+ // webex defines the default configuration for Webex.
// +optional
WebexConfig *GlobalWebexConfig `json:"webex,omitempty"`
@@ -503,7 +536,7 @@ type AlertmanagerStatus struct {
// paused defines whether any actions on the underlying managed objects are
// being performed. Only delete actions will be performed.
// +optional
- Paused bool `json:"paused"`
+ Paused bool `json:"paused"` // nolint:kubeapilinter
// replicas defines the total number of non-terminated pods targeted by this Alertmanager
// object (their labels match the selector).
// +optional
@@ -607,7 +640,7 @@ type GlobalSMTPConfig struct {
// requireTLS defines the default SMTP TLS requirement.
// Note that Go does not support unencrypted connections to remote SMTP endpoints.
// +optional
- RequireTLS *bool `json:"requireTLS,omitempty"`
+ RequireTLS *bool `json:"requireTLS,omitempty"` // nolint:kubeapilinter
// tlsConfig defines the default TLS configuration for SMTP receivers
// +optional
diff --git a/pkg/apis/monitoring/v1/http_config.go b/pkg/apis/monitoring/v1/http_config.go
index 3d7a0b82300..1590d23e097 100644
--- a/pkg/apis/monitoring/v1/http_config.go
+++ b/pkg/apis/monitoring/v1/http_config.go
@@ -21,8 +21,49 @@ import (
v1 "k8s.io/api/core/v1"
)
-// HTTPConfig defines the configuration for the HTTP client.
-type HTTPConfig struct {
+// HTTPConfigWithProxyAndTLSFiles defines the configuration for the HTTP client
+// with proxy configuration and TLS configuration. It is used for
+// ServiceMonitor endpoints.
+type HTTPConfigWithProxyAndTLSFiles struct {
+ HTTPConfigWithTLSFiles `json:",inline"`
+ ProxyConfig `json:",inline"`
+}
+
+// Validate semantically validates the given TLSConfig.
+func (c *HTTPConfigWithProxyAndTLSFiles) Validate() error {
+ if err := c.HTTPConfigWithTLSFiles.Validate(); err != nil {
+ return err
+ }
+
+ if err := c.ProxyConfig.Validate(); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// HTTPConfigWithProxy defines the configuration for the HTTP client with proxy
+// configuration. It is used for PodMonitor endpoints and Probes.
+type HTTPConfigWithProxy struct {
+ HTTPConfig `json:",inline"`
+ ProxyConfig `json:",inline"`
+}
+
+// Validate semantically validates the given HTTPConfigWithProxy.
+func (hc *HTTPConfigWithProxy) Validate() error {
+ if hc == nil {
+ return nil
+ }
+
+ if err := hc.HTTPConfig.Validate(); err != nil {
+ return err
+ }
+
+ return hc.ProxyConfig.Validate()
+}
+
+// HTTPConfigWithoutTLS defines the configuration for the HTTP client.
+type HTTPConfigWithoutTLS struct {
// authorization configures the Authorization header credentials used by
// the client.
//
@@ -60,27 +101,20 @@ type HTTPConfig struct {
// Deprecated: use `authorization` instead.
BearerTokenSecret *v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"`
- // tlsConfig defines the TLS configuration used by the client.
- //
- // +optional
- TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"`
-
- ProxyConfig `json:",inline"`
-
// followRedirects defines whether the client should follow HTTP 3xx
// redirects.
//
// +optional
- FollowRedirects *bool `json:"followRedirects,omitempty"`
+ FollowRedirects *bool `json:"followRedirects,omitempty"` // nolint:kubeapilinter
// enableHttp2 can be used to disable HTTP2.
//
// +optional
- EnableHTTP2 *bool `json:"enableHttp2,omitempty"`
+ EnableHTTP2 *bool `json:"enableHttp2,omitempty"` // nolint:kubeapilinter
}
-// Validate semantically validates the given HTTPConfig.
-func (hc *HTTPConfig) Validate() error {
+// Validate semantically validates the given HTTPConfigWithoutTLS.
+func (hc *HTTPConfigWithoutTLS) Validate() error {
if hc == nil {
return nil
}
@@ -118,13 +152,56 @@ func (hc *HTTPConfig) Validate() error {
return fmt.Errorf("oauth2: %w", err)
}
+ return nil
+}
+
+// HTTPConfig defines the HTTP configuration + TLS configuration (only from
+// secret/configmap references).
+type HTTPConfig struct {
+ HTTPConfigWithoutTLS `json:",inline"`
+
+ // tlsConfig defines the TLS configuration used by the client.
+ //
+ // +optional
+ TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"`
+}
+
+// Validate semantically validates the given HTTPConfig.
+func (hc *HTTPConfig) Validate() error {
+ if hc == nil {
+ return nil
+ }
+
+ if err := hc.HTTPConfigWithoutTLS.Validate(); err != nil {
+ return err
+ }
if err := hc.TLSConfig.Validate(); err != nil {
return fmt.Errorf("tlsConfig: %w", err)
}
- if err := hc.ProxyConfig.Validate(); err != nil {
+ return nil
+}
+
+// HTTPConfigWithTLSFiles defines HTTP configuration + TLS configuration
+// (from secret/configmap references as well as files).
+type HTTPConfigWithTLSFiles struct {
+ HTTPConfigWithoutTLS `json:",inline"`
+
+ // tlsConfig defines TLS configuration used by the client.
+ //
+ // +optional
+ TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
+}
+
+// Validate semantically validates the given HTTPConfigWithTLSFiles.
+func (c *HTTPConfigWithTLSFiles) Validate() error {
+ if err := c.HTTPConfigWithoutTLS.Validate(); err != nil {
return err
}
+ if err := c.TLSConfig.Validate(); err != nil {
+ return fmt.Errorf("tlsConfig: %w", err)
+ }
+
return nil
}
diff --git a/pkg/apis/monitoring/v1/podmonitor_types.go b/pkg/apis/monitoring/v1/podmonitor_types.go
index 8f439fd11cb..d7da9bdcaa2 100644
--- a/pkg/apis/monitoring/v1/podmonitor_types.go
+++ b/pkg/apis/monitoring/v1/podmonitor_types.go
@@ -267,6 +267,7 @@ type PodMetricsEndpoint struct {
// params define optional HTTP URL parameters.
// +optional
+ //nolint:kubeapilinter
Params map[string][]string `json:"params,omitempty"`
// interval at which Prometheus scrapes the metrics from the target.
@@ -286,13 +287,13 @@ type PodMetricsEndpoint struct {
// honorLabels when true preserves the metric's labels when they collide
// with the target's labels.
// +optional
- HonorLabels bool `json:"honorLabels,omitempty"`
+ HonorLabels bool `json:"honorLabels,omitempty"` // nolint:kubeapilinter
// honorTimestamps defines whether Prometheus preserves the timestamps
// when exposed by the target.
//
// +optional
- HonorTimestamps *bool `json:"honorTimestamps,omitempty"`
+ HonorTimestamps *bool `json:"honorTimestamps,omitempty"` // nolint:kubeapilinter
// trackTimestampsStaleness defines whether Prometheus tracks staleness of
// the metrics that have an explicit timestamp present in scraped data.
@@ -301,7 +302,7 @@ type PodMetricsEndpoint struct {
// It requires Prometheus >= v2.48.0.
//
// +optional
- TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"`
+ TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` // nolint:kubeapilinter
// metricRelabelings defines the relabeling rules to apply to the
// samples before ingestion.
@@ -329,7 +330,7 @@ type PodMetricsEndpoint struct {
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
//
// +optional
- FilterRunning *bool `json:"filterRunning,omitempty"`
+ FilterRunning *bool `json:"filterRunning,omitempty"` // nolint:kubeapilinter
- HTTPConfig `json:",inline"`
+ HTTPConfigWithProxy `json:",inline"`
}
diff --git a/pkg/apis/monitoring/v1/probe_types.go b/pkg/apis/monitoring/v1/probe_types.go
index 34218f4ca58..dc7ad44ee99 100644
--- a/pkg/apis/monitoring/v1/probe_types.go
+++ b/pkg/apis/monitoring/v1/probe_types.go
@@ -17,7 +17,6 @@ package v1
import (
"errors"
- v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
@@ -75,10 +74,12 @@ type ProbeSpec struct {
// jobName assigned to scraped metrics by default.
// +optional
JobName string `json:"jobName,omitempty"`
+
// prober defines the specification for the prober to use for probing targets.
// The prober.URL parameter is required. Targets cannot be probed if left empty.
// +optional
ProberSpec ProberSpec `json:"prober,omitempty"`
+
// module to use for probing specifying how to probe the target.
// Example module configuring in the blackbox exporter:
// https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
@@ -96,21 +97,7 @@ type ProbeSpec struct {
// The value cannot be greater than the scrape interval otherwise the operator will reject the resource.
// +optional
ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"`
- // tlsConfig defines the TLS configuration to use when scraping the endpoint.
- // +optional
- TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"`
- // bearerTokenSecret defines the secret to mount to read bearer token for scraping targets. The secret
- // needs to be in the same namespace as the probe and accessible by
- // the Prometheus Operator.
- // +optional
- BearerTokenSecret v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"`
- // basicAuth allow an endpoint to authenticate over basic authentication.
- // More info: https://prometheus.io/docs/operating/configuration/#endpoint
- // +optional
- BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
- // oauth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.
- // +optional
- OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+
// metricRelabelings defines the RelabelConfig to apply to samples before ingestion.
// +optional
MetricRelabelConfigs []RelabelConfig `json:"metricRelabelings,omitempty"`
@@ -133,19 +120,23 @@ type ProbeSpec struct {
// +listType=set
// +optional
ScrapeProtocols []ScrapeProtocol `json:"scrapeProtocols,omitempty"`
+
// fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
//
// It requires Prometheus >= v3.0.0.
// +optional
FallbackScrapeProtocol *ScrapeProtocol `json:"fallbackScrapeProtocol,omitempty"`
+
// labelLimit defines the per-scrape limit on number of labels that will be accepted for a sample.
// Only valid in Prometheus versions 2.27.0 and newer.
// +optional
LabelLimit *uint64 `json:"labelLimit,omitempty"`
+
// labelNameLengthLimit defines the per-scrape limit on length of labels name that will be accepted for a sample.
// Only valid in Prometheus versions 2.27.0 and newer.
// +optional
LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"`
+
// labelValueLengthLimit defines the per-scrape limit on length of labels value that will be accepted for a sample.
// Only valid in Prometheus versions 2.27.0 and newer.
// +optional
@@ -153,6 +144,7 @@ type ProbeSpec struct {
// +optional
NativeHistogramConfig `json:",inline"`
+
// keepDroppedTargets defines the per-scrape limit on the number of targets dropped by relabeling
// that will be kept in memory. 0 means no limit.
//
@@ -174,6 +166,8 @@ type ProbeSpec struct {
// +listType=map
// +listMapKey=name
Params []ProbeParam `json:"params,omitempty"`
+
+ HTTPConfig `json:",inline"`
}
// ProbeParam defines specification of extra parameters for a Probe.
@@ -225,6 +219,7 @@ type ProbeTargetStaticConfig struct {
Targets []string `json:"static,omitempty"`
// labels defines all labels assigned to all metrics scraped from the targets.
// +optional
+ //nolint:kubeapilinter
Labels map[string]string `json:"labels,omitempty"`
// relabelingConfigs defines relabelings to be apply to the label set of the targets before it gets
// scraped.
diff --git a/pkg/apis/monitoring/v1/probe_types_test.go b/pkg/apis/monitoring/v1/probe_types_test.go
index 46351373f00..85d777a7725 100644
--- a/pkg/apis/monitoring/v1/probe_types_test.go
+++ b/pkg/apis/monitoring/v1/probe_types_test.go
@@ -89,7 +89,7 @@ func TestMarshallProbe(t *testing.T) {
},
},
}
- expected := `{"metadata":{"name":"test","namespace":"default","labels":{"group":"group1"}},"spec":{"prober":{"url":""},"targets":{"staticConfig":{"static":["prometheus.io"],"labels":{"env":"prometheus"}}},"bearerTokenSecret":{"key":""}}}`
+ expected := `{"metadata":{"name":"test","namespace":"default","labels":{"group":"group1"}},"spec":{"prober":{"url":""},"targets":{"staticConfig":{"static":["prometheus.io"],"labels":{"env":"prometheus"}}}}}`
r, err := json.Marshal(sm)
if err != nil {
@@ -97,6 +97,6 @@ func TestMarshallProbe(t *testing.T) {
}
rs := string(r)
if rs != expected {
- t.Fatalf("Got %s expected: %s ", rs, expected)
+ t.Fatalf("Got %s\nExpected: %s ", rs, expected)
}
}
diff --git a/pkg/apis/monitoring/v1/prometheus_types.go b/pkg/apis/monitoring/v1/prometheus_types.go
index 2122906ac9f..812f6efbc80 100644
--- a/pkg/apis/monitoring/v1/prometheus_types.go
+++ b/pkg/apis/monitoring/v1/prometheus_types.go
@@ -21,7 +21,6 @@ import (
appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
@@ -222,7 +221,7 @@ type CommonPrometheusFields struct {
// paused defines when a Prometheus deployment is paused, no actions except for deletion
// will be performed on the underlying objects.
// +optional
- Paused bool `json:"paused,omitempty"`
+ Paused bool `json:"paused,omitempty"` // nolint:kubeapilinter
// image defines the container image name for Prometheus. If specified, it takes precedence
// over the `spec.baseImage`, `spec.tag` and `spec.sha` fields.
@@ -337,6 +336,7 @@ type CommonPrometheusFields struct {
// Labels defined by `spec.replicaExternalLabelName` and
// `spec.prometheusExternalLabelName` take precedence over this list.
// +optional
+ //nolint:kubeapilinter
ExternalLabels map[string]string `json:"externalLabels,omitempty"`
// enableRemoteWriteReceiver defines the Prometheus to be used as a receiver for the Prometheus remote
@@ -350,7 +350,7 @@ type CommonPrometheusFields struct {
//
// It requires Prometheus >= v2.33.0.
// +optional
- EnableRemoteWriteReceiver bool `json:"enableRemoteWriteReceiver,omitempty"`
+ EnableRemoteWriteReceiver bool `json:"enableRemoteWriteReceiver,omitempty"` // nolint:kubeapilinter
// enableOTLPReceiver defines the Prometheus to be used as a receiver for the OTLP Metrics protocol.
//
@@ -358,7 +358,7 @@ type CommonPrometheusFields struct {
//
// It requires Prometheus >= v2.47.0.
// +optional
- EnableOTLPReceiver *bool `json:"enableOTLPReceiver,omitempty"`
+ EnableOTLPReceiver *bool `json:"enableOTLPReceiver,omitempty"` // nolint:kubeapilinter
// remoteWriteReceiverMessageVersions list of the protobuf message versions to accept when receiving the
// remote writes.
@@ -430,6 +430,7 @@ type CommonPrometheusFields struct {
// nodeSelector defines on which Nodes the Pods are scheduled.
// +optional
+ //nolint:kubeapilinter
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// serviceAccountName is the name of the ServiceAccount to use to run the
@@ -443,7 +444,7 @@ type CommonPrometheusFields struct {
// **Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.
// It is possible to use strategic merge patch to project the service account token into the 'prometheus' container.
// +optional
- AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"`
+ AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"` // nolint:kubeapilinter
// secrets defines a list of Secrets in the same namespace as the Prometheus
// object, which shall be mounted into the Prometheus Pods.
@@ -497,11 +498,33 @@ type CommonPrometheusFields struct {
// instead of the Pod IP's address.
//
// +optional
- ListenLocal bool `json:"listenLocal,omitempty"`
+ ListenLocal bool `json:"listenLocal,omitempty"` // nolint:kubeapilinter
+
+ // podManagementPolicy defines the policy for creating/deleting pods when
+ // scaling up and down.
+ //
+ // Unlike the default StatefulSet behavior, the default policy is
+ // `Parallel` to avoid manual intervention in case a pod gets stuck during
+ // a rollout.
+ //
+ // Note that updating this value implies the recreation of the StatefulSet
+ // which incurs a service outage.
+ //
+ // +optional
+ PodManagementPolicy *PodManagementPolicyType `json:"podManagementPolicy,omitempty"`
+
+ // updateStrategy indicates the strategy that will be employed to update
+ // Pods in the StatefulSet when a revision is made to statefulset's Pod
+ // Template.
+ //
+ // The default strategy is RollingUpdate.
+ //
+ // +optional
+ UpdateStrategy *StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"`
// enableServiceLinks defines whether information about services should be injected into pod's environment variables
// +optional
- EnableServiceLinks *bool `json:"enableServiceLinks,omitempty"`
+ EnableServiceLinks *bool `json:"enableServiceLinks,omitempty"` // nolint:kubeapilinter
// containers allows injecting additional containers or modifying operator
// generated containers. This can be used to allow adding an authentication
@@ -588,19 +611,19 @@ type CommonPrometheusFields struct {
// In practice,`OverrideHonorLabels:true` enforces `honorLabels:false`
// for all ServiceMonitor, PodMonitor and ScrapeConfig objects.
// +optional
- OverrideHonorLabels bool `json:"overrideHonorLabels,omitempty"`
+ OverrideHonorLabels bool `json:"overrideHonorLabels,omitempty"` // nolint:kubeapilinter
// overrideHonorTimestamps when true, Prometheus ignores the timestamps for all the targets created
// from service and pod monitors.
// Otherwise the HonorTimestamps field of the service or pod monitor applies.
// +optional
- OverrideHonorTimestamps bool `json:"overrideHonorTimestamps,omitempty"`
+ OverrideHonorTimestamps bool `json:"overrideHonorTimestamps,omitempty"` // nolint:kubeapilinter
// ignoreNamespaceSelectors when true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor
// and Probe objects will be ignored. They will only discover targets
// within the namespace of the PodMonitor, ServiceMonitor and Probe
// object.
// +optional
- IgnoreNamespaceSelectors bool `json:"ignoreNamespaceSelectors,omitempty"`
+ IgnoreNamespaceSelectors bool `json:"ignoreNamespaceSelectors,omitempty"` // nolint:kubeapilinter
// enforcedNamespaceLabel when not empty, a label will be added to:
//
@@ -755,7 +778,13 @@ type CommonPrometheusFields struct {
// It requires Prometheus >= v3.4.0.
//
// +optional
- ConvertClassicHistogramsToNHCB *bool `json:"convertClassicHistogramsToNHCB,omitempty"`
+ ConvertClassicHistogramsToNHCB *bool `json:"convertClassicHistogramsToNHCB,omitempty"` // nolint:kubeapilinter
+
+ // scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ // It requires Prometheus >= v3.8.0.
+ //
+ // +optional
+ ScrapeNativeHistograms *bool `json:"scrapeNativeHistograms,omitempty"` // nolint:kubeapilinter
// scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram.
//
@@ -764,7 +793,7 @@ type CommonPrometheusFields struct {
// It requires Prometheus >= v3.5.0.
//
// +optional
- ScrapeClassicHistograms *bool `json:"scrapeClassicHistograms,omitempty"`
+ ScrapeClassicHistograms *bool `json:"scrapeClassicHistograms,omitempty"` // nolint:kubeapilinter
// minReadySeconds defines the minimum number of seconds for which a newly created Pod should be ready
// without any of its container crashing for it to be considered available.
@@ -804,7 +833,7 @@ type CommonPrometheusFields struct {
// Requires Prometheus v2.11.0 and above.
//
// +optional
- WALCompression *bool `json:"walCompression,omitempty"`
+ WALCompression *bool `json:"walCompression,omitempty"` // nolint:kubeapilinter
// excludedFromEnforcement defines the list of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
// to be excluded from enforcing a namespace label of origin.
@@ -824,7 +853,7 @@ type CommonPrometheusFields struct {
// to a different value).
//
// +optional
- HostNetwork bool `json:"hostNetwork,omitempty"`
+ HostNetwork bool `json:"hostNetwork,omitempty"` // nolint:kubeapilinter
// podTargetLabels are appended to the `spec.podTargetLabels` field of all
// PodMonitor and ServiceMonitor objects.
@@ -838,7 +867,7 @@ type CommonPrometheusFields struct {
// in a breaking way.
//
// +optional
- TracingConfig *PrometheusTracingConfig `json:"tracingConfig,omitempty"`
+ TracingConfig *TracingConfig `json:"tracingConfig,omitempty"`
// bodySizeLimit defines per-scrape on response body size.
// Only valid in Prometheus versions 2.45.0 and newer.
//
@@ -981,7 +1010,7 @@ type CommonPrometheusFields struct {
// Starting Kubernetes 1.33, the feature is enabled by default.
//
// +optional
- HostUsers *bool `json:"hostUsers,omitempty"`
+ HostUsers *bool `json:"hostUsers,omitempty"` // nolint:kubeapilinter
}
// Specifies the validation scheme for metric and label names.
@@ -1162,7 +1191,7 @@ type PrometheusSpec struct {
// When `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically
// disables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends).
// +optional
- DisableCompaction bool `json:"disableCompaction,omitempty"`
+ DisableCompaction bool `json:"disableCompaction,omitempty"` // nolint:kubeapilinter
// rules defines the configuration of the Prometheus rules' engine.
// +optional
@@ -1252,7 +1281,7 @@ type PrometheusSpec struct {
//
// Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.
// +optional
- AllowOverlappingBlocks bool `json:"allowOverlappingBlocks,omitempty"`
+ AllowOverlappingBlocks bool `json:"allowOverlappingBlocks,omitempty"` // nolint:kubeapilinter
// exemplars related settings that are runtime reloadable.
// It requires to enable the `exemplar-storage` feature flag to be effective.
@@ -1280,7 +1309,7 @@ type PrometheusSpec struct {
// For more information:
// https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
// +optional
- EnableAdminAPI bool `json:"enableAdminAPI,omitempty"`
+ EnableAdminAPI bool `json:"enableAdminAPI,omitempty"` // nolint:kubeapilinter
}
type WhenScaledRetentionType string
@@ -1311,43 +1340,6 @@ type ShardRetentionPolicy struct {
Retain *RetainConfig `json:"retain,omitempty"`
}
-type PrometheusTracingConfig struct {
- // clientType defines the client used to export the traces. Supported values are `http` or `grpc`.
- // +kubebuilder:validation:Enum=http;grpc
- // +optional
- ClientType *string `json:"clientType"`
-
- // endpoint to send the traces to. Should be provided in format :.
- // +kubebuilder:validation:MinLength:=1
- // +required
- Endpoint string `json:"endpoint"`
-
- // samplingFraction defines the probability a given trace will be sampled. Must be a float from 0 through 1.
- // +optional
- SamplingFraction *resource.Quantity `json:"samplingFraction"`
-
- // insecure if disabled, the client will use a secure connection.
- // +optional
- Insecure *bool `json:"insecure"`
-
- // headers defines the key-value pairs to be used as headers associated with gRPC or HTTP requests.
- // +optional
- Headers map[string]string `json:"headers"`
-
- // compression key for supported compression types. The only supported value is `gzip`.
- // +kubebuilder:validation:Enum=gzip
- // +optional
- Compression *string `json:"compression"`
-
- // timeout defines the maximum time the exporter will wait for each batch export.
- // +optional
- Timeout *Duration `json:"timeout"`
-
- // tlsConfig to use when sending traces.
- // +optional
- TLSConfig *TLSConfig `json:"tlsConfig"`
-}
-
// PrometheusStatus is the most recent observed status of the Prometheus cluster.
// More info:
// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
@@ -1356,7 +1348,7 @@ type PrometheusStatus struct {
// paused defines whether any actions on the underlying managed objects are
// being performed. Only delete actions will be performed.
// +optional
- Paused bool `json:"paused"`
+ Paused bool `json:"paused"` // nolint:kubeapilinter
// replicas defines the total number of non-terminated pods targeted by this Prometheus deployment
// (their labels match the selector).
// +optional
@@ -1410,7 +1402,7 @@ type AlertingSpec struct {
type StorageSpec struct {
// disableMountSubPath deprecated: subPath usage will be removed in a future release.
// +optional
- DisableMountSubPath bool `json:"disableMountSubPath,omitempty"`
+ DisableMountSubPath bool `json:"disableMountSubPath,omitempty"` // nolint:kubeapilinter
// emptyDir to be used by the StatefulSet.
// If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.
// More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
@@ -1522,21 +1514,21 @@ type ThanosSpec struct {
// listenLocal is deprecated: use `grpcListenLocal` and `httpListenLocal` instead.
// +optional
- ListenLocal bool `json:"listenLocal,omitempty"`
+ ListenLocal bool `json:"listenLocal,omitempty"` // nolint:kubeapilinter
// grpcListenLocal defines when true, the Thanos sidecar listens on the loopback interface instead
// of the Pod IP's address for the gRPC endpoints.
//
// It has no effect if `listenLocal` is true.
// +optional
- GRPCListenLocal bool `json:"grpcListenLocal,omitempty"`
+ GRPCListenLocal bool `json:"grpcListenLocal,omitempty"` // nolint:kubeapilinter
// httpListenLocal when true, the Thanos sidecar listens on the loopback interface instead
// of the Pod IP's address for the HTTP endpoints.
//
// It has no effect if `listenLocal` is true.
// +optional
- HTTPListenLocal bool `json:"httpListenLocal,omitempty"`
+ HTTPListenLocal bool `json:"httpListenLocal,omitempty"` // nolint:kubeapilinter
// tracingConfig defines the tracing configuration for the Thanos sidecar.
//
@@ -1663,7 +1655,7 @@ type RemoteWriteSpec struct {
// It requires Prometheus >= v2.27.0 or Thanos >= v0.24.0.
//
// +optional
- SendExemplars *bool `json:"sendExemplars,omitempty"`
+ SendExemplars *bool `json:"sendExemplars,omitempty"` // nolint:kubeapilinter
// sendNativeHistograms enables sending of native histograms, also known as sparse histograms
// over remote write.
@@ -1671,7 +1663,7 @@ type RemoteWriteSpec struct {
// It requires Prometheus >= v2.40.0 or Thanos >= v0.30.0.
//
// +optional
- SendNativeHistograms *bool `json:"sendNativeHistograms,omitempty"`
+ SendNativeHistograms *bool `json:"sendNativeHistograms,omitempty"` // nolint:kubeapilinter
// remoteTimeout defines the timeout for requests to the remote write endpoint.
// +optional
@@ -1683,6 +1675,7 @@ type RemoteWriteSpec struct {
// It requires Prometheus >= v2.25.0 or Thanos >= v0.24.0.
//
// +optional
+ //nolint:kubeapilinter
Headers map[string]string `json:"headers,omitempty"`
// writeRelabelConfigs defines the list of remote write relabel configurations.
@@ -1757,7 +1750,7 @@ type RemoteWriteSpec struct {
// It requires Prometheus >= v2.26.0 or Thanos >= v0.24.0.
//
// +optional
- FollowRedirects *bool `json:"followRedirects,omitempty"`
+ FollowRedirects *bool `json:"followRedirects,omitempty"` // nolint:kubeapilinter
// queueConfig allows tuning of the remote write queue parameters.
// +optional
@@ -1773,7 +1766,7 @@ type RemoteWriteSpec struct {
// enableHTTP2 defines whether to enable HTTP2.
// +optional
- EnableHttp2 *bool `json:"enableHTTP2,omitempty"`
+ EnableHttp2 *bool `json:"enableHTTP2,omitempty"` // nolint:kubeapilinter
// roundRobinDNS controls the DNS resolution behavior for remote-write connections.
// When enabled:
@@ -1791,7 +1784,7 @@ type RemoteWriteSpec struct {
// It requires Prometheus >= v3.1.0 or Thanos >= v0.38.0.
//
// +optional
- RoundRobinDNS *bool `json:"roundRobinDNS,omitempty"`
+ RoundRobinDNS *bool `json:"roundRobinDNS,omitempty"` // nolint:kubeapilinter
}
// +kubebuilder:validation:Enum=V1.0;V2.0
@@ -1838,7 +1831,7 @@ type QueueConfig struct {
// This is an *experimental feature*, it may change in any upcoming release
// in a breaking way.
// +optional
- RetryOnRateLimit bool `json:"retryOnRateLimit,omitempty"`
+ RetryOnRateLimit bool `json:"retryOnRateLimit,omitempty"` // nolint:kubeapilinter
// sampleAgeLimit drops samples older than the limit.
// It requires Prometheus >= v2.50.0 or Thanos >= v0.32.0.
//
@@ -1871,7 +1864,7 @@ type Sigv4 struct {
// It requires Prometheus >= v2.54.0.
//
// +optional
- UseFIPSSTSEndpoint *bool `json:"useFIPSSTSEndpoint,omitempty"`
+ UseFIPSSTSEndpoint *bool `json:"useFIPSSTSEndpoint,omitempty"` // nolint:kubeapilinter
}
// AzureAD defines the configuration for remote write's azuread parameters.
@@ -1882,11 +1875,11 @@ type AzureAD struct {
// +optional
Cloud *string `json:"cloud,omitempty"`
// managedIdentity defines the Azure User-assigned Managed identity.
- // Cannot be set at the same time as `oauth` or `sdk`.
+ // Cannot be set at the same time as `oauth`, `sdk` or `workloadIdentity`.
// +optional
ManagedIdentity *ManagedIdentity `json:"managedIdentity,omitempty"`
// oauth defines the oauth config that is being used to authenticate.
- // Cannot be set at the same time as `managedIdentity` or `sdk`.
+ // Cannot be set at the same time as `managedIdentity`, `sdk` or `workloadIdentity`.
//
// It requires Prometheus >= v2.48.0 or Thanos >= v0.31.0.
//
@@ -1894,11 +1887,22 @@ type AzureAD struct {
OAuth *AzureOAuth `json:"oauth,omitempty"`
// sdk defines the Azure SDK config that is being used to authenticate.
// See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication
- // Cannot be set at the same time as `oauth` or `managedIdentity`.
+ // Cannot be set at the same time as `oauth`, `managedIdentity` or `workloadIdentity`.
//
// It requires Prometheus >= v2.52.0 or Thanos >= v0.36.0.
// +optional
SDK *AzureSDK `json:"sdk,omitempty"`
+ // workloadIdentity defines the Azure Workload Identity authentication.
+ // Cannot be set at the same time as `oauth`, `managedIdentity`, or `sdk`.
+ //
+ // It requires Prometheus >= 3.7.0. Currently not supported by Thanos.
+ // +optional
+ WorkloadIdentity *AzureWorkloadIdentity `json:"workloadIdentity,omitempty"`
+ // scope is the custom OAuth 2.0 scope to request when acquiring tokens.
+ // It requires Prometheus >= 3.9.0. Currently not supported by Thanos.
+ // +kubebuilder:validation:Pattern=`^[\w\s:/.\\-]+$`
+ // +optional
+ Scope *string `json:"scope,omitempty"`
}
// AzureOAuth defines the Azure OAuth settings.
@@ -1938,6 +1942,19 @@ type AzureSDK struct {
TenantID *string `json:"tenantId,omitempty"`
}
+// AzureWorkloadIdentity defines the Azure Workload Identity authentication configuration.
+type AzureWorkloadIdentity struct {
+ // clientId is the clientID of the Azure Active Directory application.
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ ClientID string `json:"clientId"`
+
+ // tenantId is the tenant ID of the Azure Active Directory application.
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ TenantID string `json:"tenantId"`
+}
+
// RemoteReadSpec defines the configuration for Prometheus to read back samples
// from a remote endpoint.
// +k8s:openapi-gen=true
@@ -1958,6 +1975,7 @@ type RemoteReadSpec struct {
// requiredMatchers defines an optional list of equality matchers which have to be present
// in a selector to query the remote read endpoint.
// +optional
+ //nolint:kubeapilinter
RequiredMatchers map[string]string `json:"requiredMatchers,omitempty"`
// remoteTimeout defines the timeout for requests to the remote read endpoint.
@@ -1968,12 +1986,13 @@ type RemoteReadSpec struct {
// Be aware that headers that are set by Prometheus itself can't be overwritten.
// Only valid in Prometheus versions 2.26.0 and newer.
// +optional
+ //nolint:kubeapilinter
Headers map[string]string `json:"headers,omitempty"`
// readRecent defines whether reads should be made for queries for time ranges that
// the local storage should have complete data for.
// +optional
- ReadRecent bool `json:"readRecent,omitempty"`
+ ReadRecent bool `json:"readRecent,omitempty"` // nolint:kubeapilinter
// oauth2 configuration for the URL.
//
@@ -2023,14 +2042,14 @@ type RemoteReadSpec struct {
// It requires Prometheus >= v2.26.0.
//
// +optional
- FollowRedirects *bool `json:"followRedirects,omitempty"`
+ FollowRedirects *bool `json:"followRedirects,omitempty"` // nolint:kubeapilinter
// filterExternalLabels defines whether to use the external labels as selectors for the remote read endpoint.
//
// It requires Prometheus >= v2.34.0.
//
// +optional
- FilterExternalLabels *bool `json:"filterExternalLabels,omitempty"`
+ FilterExternalLabels *bool `json:"filterExternalLabels,omitempty"` // nolint:kubeapilinter
}
// RelabelConfig allows dynamic rewriting of the label set for targets, alerts,
@@ -2240,7 +2259,7 @@ type AlertmanagerEndpoints struct {
// enableHttp2 defines whether to enable HTTP2.
//
// +optional
- EnableHttp2 *bool `json:"enableHttp2,omitempty"`
+ EnableHttp2 *bool `json:"enableHttp2,omitempty"` // nolint:kubeapilinter
// relabelings defines the relabel configuration applied to the discovered Alertmanagers.
//
@@ -2290,7 +2309,7 @@ type MetadataConfig struct {
// send defines whether metric metadata is sent to the remote storage or not.
//
// +optional
- Send bool `json:"send,omitempty"`
+ Send bool `json:"send,omitempty"` // nolint:kubeapilinter
// sendInterval defines how frequently metric metadata is sent to the remote storage.
//
@@ -2429,7 +2448,7 @@ type ScrapeClass struct {
// Only one scrape class can be set as the default.
//
// +optional
- Default *bool `json:"default,omitempty"`
+ Default *bool `json:"default,omitempty"` // nolint:kubeapilinter
// fallbackScrapeProtocol defines the protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
// It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol
@@ -2510,7 +2529,7 @@ type OTLPConfig struct {
// Cannot be true when `promoteResourceAttributes` is defined.
// It requires Prometheus >= v3.5.0.
// +optional
- PromoteAllResourceAttributes *bool `json:"promoteAllResourceAttributes,omitempty"`
+ PromoteAllResourceAttributes *bool `json:"promoteAllResourceAttributes,omitempty"` // nolint:kubeapilinter
// ignoreResourceAttributes defines the list of OpenTelemetry resource attributes to ignore when `promoteAllResourceAttributes` is true.
//
@@ -2542,18 +2561,18 @@ type OTLPConfig struct {
//
// It requires Prometheus >= v3.1.0.
// +optional
- KeepIdentifyingResourceAttributes *bool `json:"keepIdentifyingResourceAttributes,omitempty"`
+ KeepIdentifyingResourceAttributes *bool `json:"keepIdentifyingResourceAttributes,omitempty"` // nolint:kubeapilinter
// convertHistogramsToNHCB defines optional translation of OTLP explicit bucket histograms into native histograms with custom buckets.
// It requires Prometheus >= v3.4.0.
// +optional
- ConvertHistogramsToNHCB *bool `json:"convertHistogramsToNHCB,omitempty"`
+ ConvertHistogramsToNHCB *bool `json:"convertHistogramsToNHCB,omitempty"` // nolint:kubeapilinter
// promoteScopeMetadata controls whether to promote OpenTelemetry scope metadata (i.e. name, version, schema URL, and attributes) to metric labels.
// As per the OpenTelemetry specification, the aforementioned scope metadata should be identifying, i.e. made into metric labels.
// It requires Prometheus >= v3.6.0.
// +optional
- PromoteScopeMetadata *bool `json:"promoteScopeMetadata,omitempty"`
+ PromoteScopeMetadata *bool `json:"promoteScopeMetadata,omitempty"` // nolint:kubeapilinter
}
// Validate semantically validates the given OTLPConfig section.
diff --git a/pkg/apis/monitoring/v1/prometheusrule_types.go b/pkg/apis/monitoring/v1/prometheusrule_types.go
index 576f8d38925..439b57c53f6 100644
--- a/pkg/apis/monitoring/v1/prometheusrule_types.go
+++ b/pkg/apis/monitoring/v1/prometheusrule_types.go
@@ -88,6 +88,7 @@ type RuleGroup struct {
// It requires Prometheus >= 3.0.0.
// The field is ignored for Thanos Ruler.
// +optional
+ //nolint:kubeapilinter
Labels map[string]string `json:"labels,omitempty"`
// interval defines how often rules in the group are evaluated.
// +optional
@@ -141,10 +142,12 @@ type Rule struct {
KeepFiringFor *NonEmptyDuration `json:"keep_firing_for,omitempty"`
// labels defines labels to add or overwrite.
// +optional
+ //nolint:kubeapilinter
Labels map[string]string `json:"labels,omitempty"`
// annotations defines annotations to add to each alert.
// Only valid for alerting rules.
// +optional
+ //nolint:kubeapilinter
Annotations map[string]string `json:"annotations,omitempty"`
}
diff --git a/pkg/apis/monitoring/v1/thanos_types.go b/pkg/apis/monitoring/v1/thanos_types.go
index 434664c23bb..49dd72f0bd5 100644
--- a/pkg/apis/monitoring/v1/thanos_types.go
+++ b/pkg/apis/monitoring/v1/thanos_types.go
@@ -111,7 +111,7 @@ type ThanosRulerSpec struct {
// paused defines when a ThanosRuler deployment is paused, no actions except for deletion
// will be performed on the underlying objects.
// +optional
- Paused bool `json:"paused,omitempty"`
+ Paused bool `json:"paused,omitempty"` // nolint:kubeapilinter
// replicas defines the number of thanos ruler instances to deploy.
// +optional
@@ -119,6 +119,7 @@ type ThanosRulerSpec struct {
// nodeSelector defines which Nodes the Pods are scheduled on.
// +optional
+ //nolint:kubeapilinter
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// resources defines the resource requirements for single Pods.
@@ -154,7 +155,7 @@ type ThanosRulerSpec struct {
// enableServiceLinks defines whether information about services should be injected into pod's environment variables
// +optional
- EnableServiceLinks *bool `json:"enableServiceLinks,omitempty"`
+ EnableServiceLinks *bool `json:"enableServiceLinks,omitempty"` // nolint:kubeapilinter
// priorityClassName defines the priority class assigned to the Pods
// +optional
@@ -210,7 +211,29 @@ type ThanosRulerSpec struct {
// listenLocal defines the Thanos ruler listen on loopback, so that it
// does not bind against the Pod IP.
// +optional
- ListenLocal bool `json:"listenLocal,omitempty"`
+ ListenLocal bool `json:"listenLocal,omitempty"` // nolint:kubeapilinter
+
+ // podManagementPolicy defines the policy for creating/deleting pods when
+ // scaling up and down.
+ //
+ // Unlike the default StatefulSet behavior, the default policy is
+ // `Parallel` to avoid manual intervention in case a pod gets stuck during
+ // a rollout.
+ //
+ // Note that updating this value implies the recreation of the StatefulSet
+ // which incurs a service outage.
+ //
+ // +optional
+ PodManagementPolicy *PodManagementPolicyType `json:"podManagementPolicy,omitempty"`
+
+ // updateStrategy indicates the strategy that will be employed to update
+ // Pods in the StatefulSet when a revision is made to statefulset's Pod
+ // Template.
+ //
+ // The default strategy is RollingUpdate.
+ //
+ // +optional
+ UpdateStrategy *StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"`
// queryEndpoints defines the list of Thanos Query endpoints from which to query metrics.
//
@@ -395,6 +418,7 @@ type ThanosRulerSpec struct {
// label with the value of the pod's name.
//
// +optional
+ //nolint:kubeapilinter
Labels map[string]string `json:"labels,omitempty"`
// alertDropLabels defines the label names which should be dropped in Thanos Ruler
@@ -523,7 +547,7 @@ type ThanosRulerSpec struct {
// Starting Kubernetes 1.33, the feature is enabled by default.
//
// +optional
- HostUsers *bool `json:"hostUsers,omitempty"`
+ HostUsers *bool `json:"hostUsers,omitempty"` // nolint:kubeapilinter
}
// ThanosRulerWebSpec defines the configuration of the ThanosRuler web server.
@@ -541,7 +565,7 @@ type ThanosRulerStatus struct {
// paused defines whether any actions on the underlying managed objects are
// being performed. Only delete actions will be performed.
// +optional
- Paused bool `json:"paused"`
+ Paused bool `json:"paused"` // nolint:kubeapilinter
// replicas defines the total number of non-terminated pods targeted by this ThanosRuler deployment
// (their labels match the selector).
// +optional
diff --git a/pkg/apis/monitoring/v1/tls_types.go b/pkg/apis/monitoring/v1/tls_types.go
new file mode 100644
index 00000000000..51e6835279f
--- /dev/null
+++ b/pkg/apis/monitoring/v1/tls_types.go
@@ -0,0 +1,173 @@
+// Copyright 2025 The prometheus-operator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+ "fmt"
+ "reflect"
+ "strings"
+
+ v1 "k8s.io/api/core/v1"
+)
+
+// +kubebuilder:validation:Enum=TLS10;TLS11;TLS12;TLS13
+type TLSVersion string
+
+const (
+ TLSVersion10 TLSVersion = "TLS10"
+ TLSVersion11 TLSVersion = "TLS11"
+ TLSVersion12 TLSVersion = "TLS12"
+ TLSVersion13 TLSVersion = "TLS13"
+)
+
+// TLSConfig defines full TLS configuration.
+type TLSConfig struct {
+ SafeTLSConfig `json:",inline"`
+ TLSFilesConfig `json:",inline"`
+}
+
+// Validate semantically validates the given TLSConfig.
+func (c *TLSConfig) Validate() error {
+ if c == nil {
+ return nil
+ }
+
+ if !reflect.ValueOf(c.CA).IsZero() {
+ if c.CAFile != "" {
+ return fmt.Errorf("cannot specify both 'caFile' and 'ca'")
+ }
+
+ if err := c.CA.Validate(); err != nil {
+ return fmt.Errorf("ca: %w", err)
+ }
+ }
+
+ hasCert := !reflect.ValueOf(c.Cert).IsZero()
+ if hasCert {
+ if c.CertFile != "" {
+ return fmt.Errorf("cannot specify both 'certFile' and 'cert'")
+ }
+
+ if err := c.Cert.Validate(); err != nil {
+ return fmt.Errorf("cert: %w", err)
+ }
+ }
+
+ if c.KeyFile != "" && c.KeySecret != nil {
+ return fmt.Errorf("cannot specify both 'keyFile' and 'keySecret'")
+ }
+
+ hasCert = hasCert || c.CertFile != ""
+ hasKey := c.KeyFile != "" || c.KeySecret != nil
+
+ if hasCert && !hasKey {
+ return fmt.Errorf("cannot specify client cert without client key")
+ }
+
+ if hasKey && !hasCert {
+ return fmt.Errorf("cannot specify client key without client cert")
+ }
+
+ if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 {
+ return fmt.Errorf("'maxVersion' must greater than or equal to 'minVersion'")
+ }
+
+ return nil
+}
+
+// SafeTLSConfig defines safe TLS configurations.
+// +k8s:openapi-gen=true
+type SafeTLSConfig struct {
+ // ca defines the Certificate authority used when verifying server certificates.
+ // +optional
+ CA SecretOrConfigMap `json:"ca,omitempty"`
+
+ // cert defines the Client certificate to present when doing client-authentication.
+ // +optional
+ Cert SecretOrConfigMap `json:"cert,omitempty"`
+
+ // keySecret defines the Secret containing the client key file for the targets.
+ // +optional
+ KeySecret *v1.SecretKeySelector `json:"keySecret,omitempty"`
+
+ // serverName is used to verify the hostname for the targets.
+ // +optional
+ ServerName *string `json:"serverName,omitempty"`
+
+ // insecureSkipVerify defines how to disable target certificate validation.
+ // +optional
+ InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"` // nolint:kubeapilinter
+
+ // minVersion defines the minimum acceptable TLS version.
+ //
+ // It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.
+ // +optional
+ MinVersion *TLSVersion `json:"minVersion,omitempty"`
+
+ // maxVersion defines the maximum acceptable TLS version.
+ //
+ // It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.
+ // +optional
+ MaxVersion *TLSVersion `json:"maxVersion,omitempty"`
+}
+
+// Validate semantically validates the given SafeTLSConfig.
+func (c *SafeTLSConfig) Validate() error {
+ if c == nil {
+ return nil
+ }
+
+ if c.CA != (SecretOrConfigMap{}) {
+ if err := c.CA.Validate(); err != nil {
+ return fmt.Errorf("ca %s: %w", c.CA.String(), err)
+ }
+ }
+
+ if c.Cert != (SecretOrConfigMap{}) {
+ if err := c.Cert.Validate(); err != nil {
+ return fmt.Errorf("cert %s: %w", c.Cert.String(), err)
+ }
+ }
+
+ if c.Cert != (SecretOrConfigMap{}) && c.KeySecret == nil {
+ return fmt.Errorf("client cert specified without client key")
+ }
+
+ if c.KeySecret != nil && c.Cert == (SecretOrConfigMap{}) {
+ return fmt.Errorf("client key specified without client cert")
+ }
+
+ if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 {
+ return fmt.Errorf("maxVersion must more than or equal to minVersion")
+ }
+
+ return nil
+}
+
+// TLSFilesConfig extends the TLS configuration with file parameters.
+// +k8s:openapi-gen=true
+type TLSFilesConfig struct {
+ // caFile defines the path to the CA cert in the Prometheus container to use for the targets.
+ // +optional
+ CAFile string `json:"caFile,omitempty"`
+ // certFile defines the path to the client cert file in the Prometheus container for the targets.
+ // +optional
+ CertFile string `json:"certFile,omitempty"`
+ // keyFile defines the path to the client key file in the Prometheus container for the targets.
+ // +optional
+ KeyFile string `json:"keyFile,omitempty"`
+}
+
+//
diff --git a/pkg/apis/monitoring/v1/types.go b/pkg/apis/monitoring/v1/types.go
index bddbed14bb6..2f1cd1f1e6e 100644
--- a/pkg/apis/monitoring/v1/types.go
+++ b/pkg/apis/monitoring/v1/types.go
@@ -109,14 +109,14 @@ type ProxyConfig struct {
//
// It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
// +optional
- ProxyFromEnvironment *bool `json:"proxyFromEnvironment,omitempty"`
+ ProxyFromEnvironment *bool `json:"proxyFromEnvironment,omitempty"` // nolint:kubeapilinter
// proxyConnectHeader optionally specifies headers to send to
// proxies during CONNECT requests.
//
// It requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.
// +optional
// +mapType:=atomic
- ProxyConnectHeader map[string][]v1.SecretKeySelector `json:"proxyConnectHeader,omitempty"`
+ ProxyConnectHeader map[string][]v1.SecretKeySelector `json:"proxyConnectHeader,omitempty"` //nolint:kubeapilinter
}
// Validate semantically validates the given ProxyConfig.
@@ -227,7 +227,7 @@ type ArbitraryFSAccessThroughSMsConfig struct {
// Setting this to true enhances security by preventing potential credential theft attacks.
//
// +optional
- Deny bool `json:"deny,omitempty"`
+ Deny bool `json:"deny,omitempty"` // nolint:kubeapilinter
}
// Condition represents the state of the resources associated with the
@@ -330,6 +330,7 @@ type EmbeddedObjectMetadata struct {
// and services.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
// +optional
+ //nolint:kubeapilinter
Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,11,rep,name=labels"`
// annotations defines an unstructured key value map stored with a resource that may be
@@ -337,6 +338,7 @@ type EmbeddedObjectMetadata struct {
// queryable and should be preserved when modifying objects.
// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
// +optional
+ //nolint:kubeapilinter
Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`
}
@@ -358,7 +360,7 @@ type WebHTTPConfig struct {
// When TLSConfig is not configured, HTTP/2 will be disabled.
// Whenever the value of the field changes, a rolling update will be triggered.
// +optional
- HTTP2 *bool `json:"http2,omitempty"`
+ HTTP2 *bool `json:"http2,omitempty"` // nolint:kubeapilinter
// headers defines a list of headers that can be added to HTTP responses.
// +optional
Headers *WebHTTPHeaders `json:"headers,omitempty"`
@@ -483,7 +485,7 @@ type WebTLSConfig struct {
// the order of elements in cipherSuites, is used.
//
// +optional
- PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"`
+ PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"` // nolint:kubeapilinter
// curvePreferences defines elliptic curves that will be used in an ECDHE handshake, in preference
// order.
@@ -572,6 +574,7 @@ type Endpoint struct {
// params define optional HTTP URL parameters.
// +optional
+ //nolint:kubeapilinter
Params map[string][]string `json:"params,omitempty"`
// interval at which Prometheus scrapes the metrics from the target.
@@ -588,44 +591,16 @@ type Endpoint struct {
// +optional
ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"`
- // tlsConfig defines the TLS configuration to use when scraping the target.
- //
- // +optional
- TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
-
- // bearerTokenFile defines the file to read bearer token for scraping the target.
- //
- // Deprecated: use `authorization` instead.
- // +optional
- BearerTokenFile string `json:"bearerTokenFile,omitempty"`
-
- // bearerTokenSecret defines a key of a Secret containing the bearer
- // token for scraping targets. The secret needs to be in the same namespace
- // as the ServiceMonitor object and readable by the Prometheus Operator.
- //
- // +optional
- //
- // Deprecated: use `authorization` instead.
- BearerTokenSecret *v1.SecretKeySelector `json:"bearerTokenSecret,omitempty"`
-
- // authorization configures the Authorization header credentials to use when
- // scraping the target.
- //
- // Cannot be set at the same time as `basicAuth`, or `oauth2`.
- //
- // +optional
- Authorization *SafeAuthorization `json:"authorization,omitempty"`
-
// honorLabels defines when true the metric's labels when they collide
// with the target's labels.
// +optional
- HonorLabels bool `json:"honorLabels,omitempty"`
+ HonorLabels bool `json:"honorLabels,omitempty"` // nolint:kubeapilinter
// honorTimestamps defines whether Prometheus preserves the timestamps
// when exposed by the target.
//
// +optional
- HonorTimestamps *bool `json:"honorTimestamps,omitempty"`
+ HonorTimestamps *bool `json:"honorTimestamps,omitempty"` // nolint:kubeapilinter
// trackTimestampsStaleness defines whether Prometheus tracks staleness of
// the metrics that have an explicit timestamp present in scraped data.
@@ -634,24 +609,7 @@ type Endpoint struct {
// It requires Prometheus >= v2.48.0.
//
// +optional
- TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"`
-
- // basicAuth defines the Basic Authentication credentials to use when
- // scraping the target.
- //
- // Cannot be set at the same time as `authorization`, or `oauth2`.
- //
- // +optional
- BasicAuth *BasicAuth `json:"basicAuth,omitempty"`
-
- // oauth2 defines the OAuth2 settings to use when scraping the target.
- //
- // It requires Prometheus >= 2.27.0.
- //
- // Cannot be set at the same time as `authorization`, or `basicAuth`.
- //
- // +optional
- OAuth2 *OAuth2 `json:"oauth2,omitempty"`
+ TrackTimestampsStaleness *bool `json:"trackTimestampsStaleness,omitempty"` // nolint:kubeapilinter
// metricRelabelings defines the relabeling rules to apply to the
// samples before ingestion.
@@ -671,20 +629,6 @@ type Endpoint struct {
// +optional
RelabelConfigs []RelabelConfig `json:"relabelings,omitempty"`
- // +optional
- ProxyConfig `json:",inline"`
-
- // followRedirects defines whether the scrape requests should follow HTTP
- // 3xx redirects.
- //
- // +optional
- FollowRedirects *bool `json:"followRedirects,omitempty"`
-
- // enableHttp2 can be used to disable HTTP2 when scraping the target.
- //
- // +optional
- EnableHttp2 *bool `json:"enableHttp2,omitempty"`
-
// filterRunning when true, the pods which are not running (e.g. either in Failed or
// Succeeded state) are dropped during the target discovery.
//
@@ -693,7 +637,15 @@ type Endpoint struct {
// More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
//
// +optional
- FilterRunning *bool `json:"filterRunning,omitempty"`
+ FilterRunning *bool `json:"filterRunning,omitempty"` // nolint:kubeapilinter
+
+ // bearerTokenFile defines the file to read bearer token for scraping the target.
+ //
+ // Deprecated: use `authorization` instead.
+ // +optional
+ BearerTokenFile string `json:"bearerTokenFile,omitempty"`
+
+ HTTPConfigWithProxyAndTLSFiles `json:",inline"`
}
type AttachMetadata struct {
@@ -704,7 +656,7 @@ type AttachMetadata struct {
// permissions on the `Nodes` objects.
//
// +optional
- Node *bool `json:"node,omitempty"`
+ Node *bool `json:"node,omitempty"` // nolint:kubeapilinter
}
// OAuth2 configures OAuth2 settings.
@@ -736,6 +688,7 @@ type OAuth2 struct {
// URL.
//
// +optional
+ //nolint:kubeapilinter
EndpointParams map[string]string `json:"endpointParams,omitempty"`
// tlsConfig defines the TLS configuration to use when connecting to the OAuth2 server.
@@ -828,147 +781,6 @@ func (c *SecretOrConfigMap) String() string {
return ""
}
-// +kubebuilder:validation:Enum=TLS10;TLS11;TLS12;TLS13
-type TLSVersion string
-
-const (
- TLSVersion10 TLSVersion = "TLS10"
- TLSVersion11 TLSVersion = "TLS11"
- TLSVersion12 TLSVersion = "TLS12"
- TLSVersion13 TLSVersion = "TLS13"
-)
-
-// SafeTLSConfig specifies safe TLS configuration parameters.
-// +k8s:openapi-gen=true
-type SafeTLSConfig struct {
- // ca defines the Certificate authority used when verifying server certificates.
- // +optional
- CA SecretOrConfigMap `json:"ca,omitempty"`
-
- // cert defines the Client certificate to present when doing client-authentication.
- // +optional
- Cert SecretOrConfigMap `json:"cert,omitempty"`
-
- // keySecret defines the Secret containing the client key file for the targets.
- // +optional
- KeySecret *v1.SecretKeySelector `json:"keySecret,omitempty"`
-
- // serverName is used to verify the hostname for the targets.
- // +optional
- ServerName *string `json:"serverName,omitempty"`
-
- // insecureSkipVerify defines how to disable target certificate validation.
- // +optional
- InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
-
- // minVersion defines the minimum acceptable TLS version.
- //
- // It requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.
- // +optional
- MinVersion *TLSVersion `json:"minVersion,omitempty"`
-
- // maxVersion defines the maximum acceptable TLS version.
- //
- // It requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.
- // +optional
- MaxVersion *TLSVersion `json:"maxVersion,omitempty"`
-}
-
-// Validate semantically validates the given SafeTLSConfig.
-func (c *SafeTLSConfig) Validate() error {
- if c == nil {
- return nil
- }
-
- if c.CA != (SecretOrConfigMap{}) {
- if err := c.CA.Validate(); err != nil {
- return fmt.Errorf("ca %s: %w", c.CA.String(), err)
- }
- }
-
- if c.Cert != (SecretOrConfigMap{}) {
- if err := c.Cert.Validate(); err != nil {
- return fmt.Errorf("cert %s: %w", c.Cert.String(), err)
- }
- }
-
- if c.Cert != (SecretOrConfigMap{}) && c.KeySecret == nil {
- return fmt.Errorf("client cert specified without client key")
- }
-
- if c.KeySecret != nil && c.Cert == (SecretOrConfigMap{}) {
- return fmt.Errorf("client key specified without client cert")
- }
-
- if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 {
- return fmt.Errorf("maxVersion must more than or equal to minVersion")
- }
-
- return nil
-}
-
-// TLSConfig extends the safe TLS configuration with file parameters.
-// +k8s:openapi-gen=true
-type TLSConfig struct {
- // +optional
- SafeTLSConfig `json:",inline"`
- // caFile defines the path to the CA cert in the Prometheus container to use for the targets.
- // +optional
- CAFile string `json:"caFile,omitempty"`
- // certFile defines the path to the client cert file in the Prometheus container for the targets.
- // +optional
- CertFile string `json:"certFile,omitempty"`
- // keyFile defines the path to the client key file in the Prometheus container for the targets.
- // +optional
- KeyFile string `json:"keyFile,omitempty"`
-}
-
-// Validate semantically validates the given TLSConfig.
-func (c *TLSConfig) Validate() error {
- if c == nil {
- return nil
- }
-
- if c.CA != (SecretOrConfigMap{}) {
- if c.CAFile != "" {
- return fmt.Errorf("cannot specify both caFile and ca")
- }
- if err := c.CA.Validate(); err != nil {
- return fmt.Errorf("SecretOrConfigMap ca: %w", err)
- }
- }
-
- if c.Cert != (SecretOrConfigMap{}) {
- if c.CertFile != "" {
- return fmt.Errorf("cannot specify both certFile and cert")
- }
- if err := c.Cert.Validate(); err != nil {
- return fmt.Errorf("SecretOrConfigMap cert: %w", err)
- }
- }
-
- if c.KeyFile != "" && c.KeySecret != nil {
- return fmt.Errorf("cannot specify both keyFile and keySecret")
- }
-
- hasCert := c.CertFile != "" || c.Cert != (SecretOrConfigMap{})
- hasKey := c.KeyFile != "" || c.KeySecret != nil
-
- if hasCert && !hasKey {
- return fmt.Errorf("cannot specify client cert without client key")
- }
-
- if hasKey && !hasCert {
- return fmt.Errorf("cannot specify client key without client cert")
- }
-
- if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 {
- return fmt.Errorf("maxVersion must more than or equal to minVersion")
- }
-
- return nil
-}
-
// NamespaceSelector is a selector for selecting either all namespaces or a
// list of namespaces.
// If `any` is true, it takes precedence over `matchNames`.
@@ -979,7 +791,7 @@ type NamespaceSelector struct {
// any defines the boolean describing whether all namespaces are selected in contrast to a
// list restricting them.
// +optional
- Any bool `json:"any,omitempty"`
+ Any bool `json:"any,omitempty"` // nolint:kubeapilinter
// matchNames defines the list of namespace names to select from.
// +optional
MatchNames []string `json:"matchNames,omitempty"`
@@ -1014,13 +826,19 @@ const (
// NativeHistogramConfig extends the native histogram configuration settings.
// +k8s:openapi-gen=true
type NativeHistogramConfig struct {
+ // scrapeNativeHistograms defines whether to enable scraping of native histograms.
+ // It requires Prometheus >= v3.8.0.
+ //
+ // +optional
+ ScrapeNativeHistograms *bool `json:"scrapeNativeHistograms,omitempty"` // nolint:kubeapilinter
+
// scrapeClassicHistograms defines whether to scrape a classic histogram that is also exposed as a native histogram.
// It requires Prometheus >= v2.45.0.
//
// Notice: `scrapeClassicHistograms` corresponds to the `always_scrape_classic_histograms` field in the Prometheus configuration.
//
// +optional
- ScrapeClassicHistograms *bool `json:"scrapeClassicHistograms,omitempty"`
+ ScrapeClassicHistograms *bool `json:"scrapeClassicHistograms,omitempty"` // nolint:kubeapilinter
// nativeHistogramBucketLimit defines ff there are more than this many buckets in a native histogram,
// buckets will be merged to stay within the limit.
@@ -1040,7 +858,7 @@ type NativeHistogramConfig struct {
// It requires Prometheus >= v3.0.0.
//
// +optional
- ConvertClassicHistogramsToNHCB *bool `json:"convertClassicHistogramsToNHCB,omitempty"`
+ ConvertClassicHistogramsToNHCB *bool `json:"convertClassicHistogramsToNHCB,omitempty"` // nolint:kubeapilinter
}
// +kubebuilder:validation:Enum=RelabelConfig;RoleSelector
@@ -1140,3 +958,135 @@ const (
SchemeHTTP Scheme = "HTTP"
SchemeHTTPS Scheme = "HTTPS"
)
+
+// +kubebuilder:validation:Enum=OrderedReady;Parallel
+type PodManagementPolicyType string
+
+const (
+ // OrderedReadyPodManagement will create pods in strictly increasing order on
+ // scale up and strictly decreasing order on scale down, progressing only when
+ // the previous pod is ready or terminated. At most one pod will be changed
+ // at any time.
+ OrderedReadyPodManagement PodManagementPolicyType = "OrderedReady"
+ // ParallelPodManagement will create and delete pods as soon as the stateful set
+ // replica count is changed, and will not wait for pods to be ready or complete
+ // termination.
+ ParallelPodManagement PodManagementPolicyType = "Parallel"
+)
+
+// StatefulSetUpdateStrategy indicates the strategy used when updating the
+// StatefulSet. It includes any additional parameters necessary to perform the
+// update for the indicated strategy.
+//
+// +kubebuilder:validation:XValidation:rule="!(self.type != 'RollingUpdate' && has(self.rollingUpdate))",message="rollingUpdate requires type to be RollingUpdate"
+type StatefulSetUpdateStrategy struct {
+ // type indicates the type of the StatefulSetUpdateStrategy.
+ //
+ // Default is RollingUpdate.
+ //
+ // +required
+ Type StatefulSetUpdateStrategyType `json:"type"`
+
+ // rollingUpdate is used to communicate parameters when type is RollingUpdate.
+ //
+ // +optional
+ RollingUpdate *RollingUpdateStatefulSetStrategy `json:"rollingUpdate,omitempty"`
+}
+
+// RollingUpdateStatefulSetStrategy is used to communicate parameter for the RollingUpdate strategy.
+type RollingUpdateStatefulSetStrategy struct {
+ // maxUnavailable is the maximum number of pods that can be unavailable
+ // during the update. The value can be an absolute number (ex: 5) or a
+ // percentage of desired pods (ex: 10%). Absolute number is calculated from
+ // percentage by rounding up. This can not be 0. Defaults to 1. This field
+ // is alpha-level and is only honored by servers that enable the
+ // MaxUnavailableStatefulSet feature. The field applies to all pods in the
+ // range 0 to Replicas-1. That means if there is any unavailable pod in
+ // the range 0 to Replicas-1, it will be counted towards MaxUnavailable.
+ //
+ // +kubebuilder:validation:XIntOrString
+ // +optional
+ MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"varint,2,opt,name=maxUnavailable"`
+}
+
+// StatefulSetUpdateStrategyType is a string enumeration type that enumerates
+// all possible update strategies for the StatefulSet pods.
+//
+// +kubebuilder:validation:Enum=OnDelete;RollingUpdate
+type StatefulSetUpdateStrategyType string
+
+const (
+ // RollingUpdateStatefulSetStrategyType indicates that update will be
+ // applied to all Pods in the StatefulSet with respect to the StatefulSet
+ // ordering constraints. When a scale operation is performed with this
+ // strategy, new Pods will be created from the specification version indicated
+ // by the StatefulSet's updateRevision.
+ RollingUpdateStatefulSetStrategyType StatefulSetUpdateStrategyType = "RollingUpdate"
+
+ // OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
+ // tracking and ordered rolling restarts are disabled. Pods are recreated
+ // from the StatefulSetSpec when they are manually deleted. When a scale
+ // operation is performed with this strategy, new Pods will be created from
+ // the the specification version indicated by the StatefulSet's
+ // currentRevision.
+ OnDeleteStatefulSetStrategyType StatefulSetUpdateStrategyType = "OnDelete"
+)
+
+type TracingConfig struct {
+ // clientType defines the client used to export the traces. Supported values are `HTTP` and `GRPC`.
+ // +kubebuilder:validation:Enum=http;grpc;HTTP;GRPC
+ // +optional
+ ClientType *string `json:"clientType",omitempty`
+
+ // endpoint to send the traces to. Should be provided in format :.
+ // +kubebuilder:validation:MinLength:=1
+ // +required
+ Endpoint string `json:"endpoint"`
+
+ // samplingFraction defines the probability a given trace will be sampled. Must be a float from 0 through 1.
+ // +optional
+ SamplingFraction *resource.Quantity `json:"samplingFraction",omitempty`
+
+ // insecure if disabled, the client will use a secure connection.
+ // +optional
+ Insecure *bool `json:"insecure",omitempty` // nolint:kubeapilinter
+
+ // headers defines the key-value pairs to be used as headers associated with gRPC or HTTP requests.
+ // +optional
+ Headers map[string]string `json:"headers"`
+
+ // compression key for supported compression types. The only supported value is `Gzip`.
+ // +kubebuilder:validation:Enum=gzip;Gzip
+ // +optional
+ Compression *string `json:"compression",omitempty`
+
+ // timeout defines the maximum time the exporter will wait for each batch export.
+ // +optional
+ Timeout *Duration `json:"timeout",omitempty`
+
+ // tlsConfig to use when sending traces.
+ // +optional
+ TLSConfig *TLSConfig `json:"tlsConfig",omitempty`
+}
+
+// Validate semantically validates the given TracingConfig.
+func (tc *TracingConfig) Validate() error {
+ if tc == nil {
+ return nil
+ }
+
+ if err := tc.TLSConfig.Validate(); err != nil {
+ return err
+ }
+
+ if tc.SamplingFraction != nil {
+ min, _ := resource.ParseQuantity("0")
+ max, _ := resource.ParseQuantity("1")
+
+ if tc.SamplingFraction.Cmp(min) < 0 || tc.SamplingFraction.Cmp(max) > 0 {
+ return fmt.Errorf("`samplingFraction` must be between 0 and 1")
+ }
+ }
+
+ return nil
+}
diff --git a/pkg/apis/monitoring/v1/types_test.go b/pkg/apis/monitoring/v1/types_test.go
index c3ac43cbf0f..9264eba2990 100644
--- a/pkg/apis/monitoring/v1/types_test.go
+++ b/pkg/apis/monitoring/v1/types_test.go
@@ -19,6 +19,7 @@ import (
"testing"
v1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/resource"
)
func TestValidateSecretOrConfigMap(t *testing.T) {
@@ -138,41 +139,51 @@ func TestValidateTLSConfig(t *testing.T) {
{
name: "caFile, certFile and keyFile",
config: &TLSConfig{
- CAFile: "cafile",
- CertFile: "certfile",
- KeyFile: "keyfile",
+ TLSFilesConfig: TLSFilesConfig{
+ CAFile: "cafile",
+ CertFile: "certfile",
+ KeyFile: "keyfile",
+ },
},
err: false,
},
{
name: "certFile and keyFile",
config: &TLSConfig{
- CertFile: "certfile",
- KeyFile: "keyfile",
+ TLSFilesConfig: TLSFilesConfig{
+ CertFile: "certfile",
+ KeyFile: "keyfile",
+ },
},
err: false,
},
{
name: "caFile and keyFile",
config: &TLSConfig{
- CAFile: "cafile",
- KeyFile: "keyfile",
+ TLSFilesConfig: TLSFilesConfig{
+ CAFile: "cafile",
+ KeyFile: "keyfile",
+ },
},
err: true,
},
{
name: "caFile and certFile",
config: &TLSConfig{
- CAFile: "cafile",
- CertFile: "certfile",
+ TLSFilesConfig: TLSFilesConfig{
+ CAFile: "cafile",
+ CertFile: "certfile",
+ },
},
err: true,
},
{
name: "caFile, cert and keyFile",
config: &TLSConfig{
- CAFile: "cafile",
- KeyFile: "keyfile",
+ TLSFilesConfig: TLSFilesConfig{
+ CAFile: "cafile",
+ KeyFile: "keyfile",
+ },
SafeTLSConfig: SafeTLSConfig{
Cert: SecretOrConfigMap{Secret: &v1.SecretKeySelector{}},
},
@@ -182,8 +193,10 @@ func TestValidateTLSConfig(t *testing.T) {
{
name: "caFile, certFile and keySecret",
config: &TLSConfig{
- CAFile: "cafile",
- CertFile: "certfile",
+ TLSFilesConfig: TLSFilesConfig{
+ CAFile: "cafile",
+ CertFile: "certfile",
+ },
SafeTLSConfig: SafeTLSConfig{
KeySecret: &v1.SecretKeySelector{},
},
@@ -517,3 +530,68 @@ func TestDurationPointer(t *testing.T) {
t.Fatalf("wanted %v, but got %v", &oneMinuteDuration, got)
}
}
+
+func TestValidateTracingConfig(t *testing.T) {
+ for _, tc := range []struct {
+ name string
+ config *TracingConfig
+ err bool
+ }{
+ {
+ name: "TLSConfig nil",
+ config: &TracingConfig{
+ TLSConfig: nil,
+ },
+ err: false,
+ },
+ {
+ name: "SamplingFraction simple value",
+ config: &TracingConfig{
+ SamplingFraction: func(v resource.Quantity) *resource.Quantity { return &v }(resource.MustParse("0.56")),
+ },
+ err: false,
+ },
+ {
+ name: "SamplingFraction > 1",
+ config: &TracingConfig{
+ SamplingFraction: resource.NewQuantity(10, resource.DecimalSI),
+ },
+ err: true,
+ },
+ {
+ name: "SamplingFraction < 0",
+ config: &TracingConfig{
+ SamplingFraction: resource.NewQuantity(-1, resource.DecimalSI),
+ },
+ err: true,
+ },
+ {
+ name: "SamplingFraction == 0",
+ config: &TracingConfig{
+ SamplingFraction: resource.NewQuantity(0, resource.DecimalSI),
+ },
+ err: false,
+ },
+ {
+ name: "SamplingFraction == 1",
+ config: &TracingConfig{
+ SamplingFraction: resource.NewQuantity(1, resource.DecimalSI),
+ },
+ err: false,
+ },
+ } {
+ t.Run(tc.name, func(t *testing.T) {
+ err := tc.config.Validate()
+ if tc.err {
+ if err == nil {
+ t.Fatal("expected error but got none")
+ }
+ return
+ }
+
+ if err != nil {
+ t.Fatalf("expected no error but got: %s", err)
+ }
+ })
+ }
+}
diff --git a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go
index 03b17df8bcb..73314958dc9 100644
--- a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go
@@ -228,9 +228,9 @@ func (in *AlertmanagerGlobalConfig) DeepCopyInto(out *AlertmanagerGlobalConfig)
*out = new(GlobalSMTPConfig)
(*in).DeepCopyInto(*out)
}
- if in.HTTPConfig != nil {
- in, out := &in.HTTPConfig, &out.HTTPConfig
- *out = new(HTTPConfig)
+ if in.HTTPConfigWithProxy != nil {
+ in, out := &in.HTTPConfigWithProxy, &out.HTTPConfigWithProxy
+ *out = new(HTTPConfigWithProxy)
(*in).DeepCopyInto(*out)
}
if in.SlackAPIURL != nil {
@@ -453,6 +453,16 @@ func (in *AlertmanagerSpec) DeepCopyInto(out *AlertmanagerSpec) {
*out = new(string)
**out = **in
}
+ if in.PodManagementPolicy != nil {
+ in, out := &in.PodManagementPolicy, &out.PodManagementPolicy
+ *out = new(PodManagementPolicyType)
+ **out = **in
+ }
+ if in.UpdateStrategy != nil {
+ in, out := &in.UpdateStrategy, &out.UpdateStrategy
+ *out = new(StatefulSetUpdateStrategy)
+ (*in).DeepCopyInto(*out)
+ }
if in.Containers != nil {
in, out := &in.Containers, &out.Containers
*out = make([]corev1.Container, len(*in))
@@ -694,6 +704,16 @@ func (in *AzureAD) DeepCopyInto(out *AzureAD) {
*out = new(AzureSDK)
(*in).DeepCopyInto(*out)
}
+ if in.WorkloadIdentity != nil {
+ in, out := &in.WorkloadIdentity, &out.WorkloadIdentity
+ *out = new(AzureWorkloadIdentity)
+ **out = **in
+ }
+ if in.Scope != nil {
+ in, out := &in.Scope, &out.Scope
+ *out = new(string)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAD.
@@ -742,6 +762,21 @@ func (in *AzureSDK) DeepCopy() *AzureSDK {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AzureWorkloadIdentity) DeepCopyInto(out *AzureWorkloadIdentity) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureWorkloadIdentity.
+func (in *AzureWorkloadIdentity) DeepCopy() *AzureWorkloadIdentity {
+ if in == nil {
+ return nil
+ }
+ out := new(AzureWorkloadIdentity)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *BasicAuth) DeepCopyInto(out *BasicAuth) {
*out = *in
@@ -979,6 +1014,16 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) {
*out = new(PodDNSConfig)
(*in).DeepCopyInto(*out)
}
+ if in.PodManagementPolicy != nil {
+ in, out := &in.PodManagementPolicy, &out.PodManagementPolicy
+ *out = new(PodManagementPolicyType)
+ **out = **in
+ }
+ if in.UpdateStrategy != nil {
+ in, out := &in.UpdateStrategy, &out.UpdateStrategy
+ *out = new(StatefulSetUpdateStrategy)
+ (*in).DeepCopyInto(*out)
+ }
if in.EnableServiceLinks != nil {
in, out := &in.EnableServiceLinks, &out.EnableServiceLinks
*out = new(bool)
@@ -1054,6 +1099,11 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) {
*out = new(bool)
**out = **in
}
+ if in.ScrapeNativeHistograms != nil {
+ in, out := &in.ScrapeNativeHistograms, &out.ScrapeNativeHistograms
+ *out = new(bool)
+ **out = **in
+ }
if in.ScrapeClassicHistograms != nil {
in, out := &in.ScrapeClassicHistograms, &out.ScrapeClassicHistograms
*out = new(bool)
@@ -1093,7 +1143,7 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) {
}
if in.TracingConfig != nil {
in, out := &in.TracingConfig, &out.TracingConfig
- *out = new(PrometheusTracingConfig)
+ *out = new(TracingConfig)
(*in).DeepCopyInto(*out)
}
if in.BodySizeLimit != nil {
@@ -1366,21 +1416,6 @@ func (in *Endpoint) DeepCopyInto(out *Endpoint) {
(*out)[key] = outVal
}
}
- if in.TLSConfig != nil {
- in, out := &in.TLSConfig, &out.TLSConfig
- *out = new(TLSConfig)
- (*in).DeepCopyInto(*out)
- }
- if in.BearerTokenSecret != nil {
- in, out := &in.BearerTokenSecret, &out.BearerTokenSecret
- *out = new(corev1.SecretKeySelector)
- (*in).DeepCopyInto(*out)
- }
- if in.Authorization != nil {
- in, out := &in.Authorization, &out.Authorization
- *out = new(SafeAuthorization)
- (*in).DeepCopyInto(*out)
- }
if in.HonorTimestamps != nil {
in, out := &in.HonorTimestamps, &out.HonorTimestamps
*out = new(bool)
@@ -1391,16 +1426,6 @@ func (in *Endpoint) DeepCopyInto(out *Endpoint) {
*out = new(bool)
**out = **in
}
- if in.BasicAuth != nil {
- in, out := &in.BasicAuth, &out.BasicAuth
- *out = new(BasicAuth)
- (*in).DeepCopyInto(*out)
- }
- if in.OAuth2 != nil {
- in, out := &in.OAuth2, &out.OAuth2
- *out = new(OAuth2)
- (*in).DeepCopyInto(*out)
- }
if in.MetricRelabelConfigs != nil {
in, out := &in.MetricRelabelConfigs, &out.MetricRelabelConfigs
*out = make([]RelabelConfig, len(*in))
@@ -1415,22 +1440,12 @@ func (in *Endpoint) DeepCopyInto(out *Endpoint) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
- in.ProxyConfig.DeepCopyInto(&out.ProxyConfig)
- if in.FollowRedirects != nil {
- in, out := &in.FollowRedirects, &out.FollowRedirects
- *out = new(bool)
- **out = **in
- }
- if in.EnableHttp2 != nil {
- in, out := &in.EnableHttp2, &out.EnableHttp2
- *out = new(bool)
- **out = **in
- }
if in.FilterRunning != nil {
in, out := &in.FilterRunning, &out.FilterRunning
*out = new(bool)
**out = **in
}
+ in.HTTPConfigWithProxyAndTLSFiles.DeepCopyInto(&out.HTTPConfigWithProxyAndTLSFiles)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoint.
@@ -1670,6 +1685,82 @@ func (in *GlobalWebexConfig) DeepCopy() *GlobalWebexConfig {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) {
+ *out = *in
+ in.HTTPConfigWithoutTLS.DeepCopyInto(&out.HTTPConfigWithoutTLS)
+ if in.TLSConfig != nil {
+ in, out := &in.TLSConfig, &out.TLSConfig
+ *out = new(SafeTLSConfig)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfig.
+func (in *HTTPConfig) DeepCopy() *HTTPConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(HTTPConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HTTPConfigWithProxy) DeepCopyInto(out *HTTPConfigWithProxy) {
+ *out = *in
+ in.HTTPConfig.DeepCopyInto(&out.HTTPConfig)
+ in.ProxyConfig.DeepCopyInto(&out.ProxyConfig)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfigWithProxy.
+func (in *HTTPConfigWithProxy) DeepCopy() *HTTPConfigWithProxy {
+ if in == nil {
+ return nil
+ }
+ out := new(HTTPConfigWithProxy)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HTTPConfigWithProxyAndTLSFiles) DeepCopyInto(out *HTTPConfigWithProxyAndTLSFiles) {
+ *out = *in
+ in.HTTPConfigWithTLSFiles.DeepCopyInto(&out.HTTPConfigWithTLSFiles)
+ in.ProxyConfig.DeepCopyInto(&out.ProxyConfig)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfigWithProxyAndTLSFiles.
+func (in *HTTPConfigWithProxyAndTLSFiles) DeepCopy() *HTTPConfigWithProxyAndTLSFiles {
+ if in == nil {
+ return nil
+ }
+ out := new(HTTPConfigWithProxyAndTLSFiles)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HTTPConfigWithTLSFiles) DeepCopyInto(out *HTTPConfigWithTLSFiles) {
+ *out = *in
+ in.HTTPConfigWithoutTLS.DeepCopyInto(&out.HTTPConfigWithoutTLS)
+ if in.TLSConfig != nil {
+ in, out := &in.TLSConfig, &out.TLSConfig
+ *out = new(TLSConfig)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfigWithTLSFiles.
+func (in *HTTPConfigWithTLSFiles) DeepCopy() *HTTPConfigWithTLSFiles {
+ if in == nil {
+ return nil
+ }
+ out := new(HTTPConfigWithTLSFiles)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HTTPConfigWithoutTLS) DeepCopyInto(out *HTTPConfigWithoutTLS) {
*out = *in
if in.Authorization != nil {
in, out := &in.Authorization, &out.Authorization
@@ -1691,12 +1782,6 @@ func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) {
*out = new(corev1.SecretKeySelector)
(*in).DeepCopyInto(*out)
}
- if in.TLSConfig != nil {
- in, out := &in.TLSConfig, &out.TLSConfig
- *out = new(SafeTLSConfig)
- (*in).DeepCopyInto(*out)
- }
- in.ProxyConfig.DeepCopyInto(&out.ProxyConfig)
if in.FollowRedirects != nil {
in, out := &in.FollowRedirects, &out.FollowRedirects
*out = new(bool)
@@ -1709,12 +1794,12 @@ func (in *HTTPConfig) DeepCopyInto(out *HTTPConfig) {
}
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfig.
-func (in *HTTPConfig) DeepCopy() *HTTPConfig {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPConfigWithoutTLS.
+func (in *HTTPConfigWithoutTLS) DeepCopy() *HTTPConfigWithoutTLS {
if in == nil {
return nil
}
- out := new(HTTPConfig)
+ out := new(HTTPConfigWithoutTLS)
in.DeepCopyInto(out)
return out
}
@@ -1817,6 +1902,11 @@ func (in *NamespaceSelector) DeepCopy() *NamespaceSelector {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NativeHistogramConfig) DeepCopyInto(out *NativeHistogramConfig) {
*out = *in
+ if in.ScrapeNativeHistograms != nil {
+ in, out := &in.ScrapeNativeHistograms, &out.ScrapeNativeHistograms
+ *out = new(bool)
+ **out = **in
+ }
if in.ScrapeClassicHistograms != nil {
in, out := &in.ScrapeClassicHistograms, &out.ScrapeClassicHistograms
*out = new(bool)
@@ -2069,7 +2159,7 @@ func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) {
*out = new(bool)
**out = **in
}
- in.HTTPConfig.DeepCopyInto(&out.HTTPConfig)
+ in.HTTPConfigWithProxy.DeepCopyInto(&out.HTTPConfigWithProxy)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodMetricsEndpoint.
@@ -2283,22 +2373,6 @@ func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) {
*out = *in
in.ProberSpec.DeepCopyInto(&out.ProberSpec)
in.Targets.DeepCopyInto(&out.Targets)
- if in.TLSConfig != nil {
- in, out := &in.TLSConfig, &out.TLSConfig
- *out = new(SafeTLSConfig)
- (*in).DeepCopyInto(*out)
- }
- in.BearerTokenSecret.DeepCopyInto(&out.BearerTokenSecret)
- if in.BasicAuth != nil {
- in, out := &in.BasicAuth, &out.BasicAuth
- *out = new(BasicAuth)
- (*in).DeepCopyInto(*out)
- }
- if in.OAuth2 != nil {
- in, out := &in.OAuth2, &out.OAuth2
- *out = new(OAuth2)
- (*in).DeepCopyInto(*out)
- }
if in.MetricRelabelConfigs != nil {
in, out := &in.MetricRelabelConfigs, &out.MetricRelabelConfigs
*out = make([]RelabelConfig, len(*in))
@@ -2364,6 +2438,7 @@ func (in *ProbeSpec) DeepCopyInto(out *ProbeSpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
+ in.HTTPConfig.DeepCopyInto(&out.HTTPConfig)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProbeSpec.
@@ -2709,58 +2784,6 @@ func (in *PrometheusStatus) DeepCopy() *PrometheusStatus {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *PrometheusTracingConfig) DeepCopyInto(out *PrometheusTracingConfig) {
- *out = *in
- if in.ClientType != nil {
- in, out := &in.ClientType, &out.ClientType
- *out = new(string)
- **out = **in
- }
- if in.SamplingFraction != nil {
- in, out := &in.SamplingFraction, &out.SamplingFraction
- x := (*in).DeepCopy()
- *out = &x
- }
- if in.Insecure != nil {
- in, out := &in.Insecure, &out.Insecure
- *out = new(bool)
- **out = **in
- }
- if in.Headers != nil {
- in, out := &in.Headers, &out.Headers
- *out = make(map[string]string, len(*in))
- for key, val := range *in {
- (*out)[key] = val
- }
- }
- if in.Compression != nil {
- in, out := &in.Compression, &out.Compression
- *out = new(string)
- **out = **in
- }
- if in.Timeout != nil {
- in, out := &in.Timeout, &out.Timeout
- *out = new(Duration)
- **out = **in
- }
- if in.TLSConfig != nil {
- in, out := &in.TLSConfig, &out.TLSConfig
- *out = new(TLSConfig)
- (*in).DeepCopyInto(*out)
- }
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusTracingConfig.
-func (in *PrometheusTracingConfig) DeepCopy() *PrometheusTracingConfig {
- if in == nil {
- return nil
- }
- out := new(PrometheusTracingConfig)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PrometheusWebSpec) DeepCopyInto(out *PrometheusWebSpec) {
*out = *in
@@ -3125,6 +3148,26 @@ func (in *RetainConfig) DeepCopy() *RetainConfig {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RollingUpdateStatefulSetStrategy) DeepCopyInto(out *RollingUpdateStatefulSetStrategy) {
+ *out = *in
+ if in.MaxUnavailable != nil {
+ in, out := &in.MaxUnavailable, &out.MaxUnavailable
+ *out = new(intstr.IntOrString)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RollingUpdateStatefulSetStrategy.
+func (in *RollingUpdateStatefulSetStrategy) DeepCopy() *RollingUpdateStatefulSetStrategy {
+ if in == nil {
+ return nil
+ }
+ out := new(RollingUpdateStatefulSetStrategy)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Rule) DeepCopyInto(out *Rule) {
*out = *in
@@ -3614,6 +3657,26 @@ func (in *Sigv4) DeepCopy() *Sigv4 {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StatefulSetUpdateStrategy) DeepCopyInto(out *StatefulSetUpdateStrategy) {
+ *out = *in
+ if in.RollingUpdate != nil {
+ in, out := &in.RollingUpdate, &out.RollingUpdate
+ *out = new(RollingUpdateStatefulSetStrategy)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetUpdateStrategy.
+func (in *StatefulSetUpdateStrategy) DeepCopy() *StatefulSetUpdateStrategy {
+ if in == nil {
+ return nil
+ }
+ out := new(StatefulSetUpdateStrategy)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StorageSpec) DeepCopyInto(out *StorageSpec) {
*out = *in
@@ -3644,6 +3707,7 @@ func (in *StorageSpec) DeepCopy() *StorageSpec {
func (in *TLSConfig) DeepCopyInto(out *TLSConfig) {
*out = *in
in.SafeTLSConfig.DeepCopyInto(&out.SafeTLSConfig)
+ out.TLSFilesConfig = in.TLSFilesConfig
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig.
@@ -3656,6 +3720,21 @@ func (in *TLSConfig) DeepCopy() *TLSConfig {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSFilesConfig) DeepCopyInto(out *TLSFilesConfig) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSFilesConfig.
+func (in *TLSFilesConfig) DeepCopy() *TLSFilesConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(TLSFilesConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TSDBSpec) DeepCopyInto(out *TSDBSpec) {
*out = *in
@@ -3823,6 +3902,16 @@ func (in *ThanosRulerSpec) DeepCopyInto(out *ThanosRulerSpec) {
*out = new(string)
**out = **in
}
+ if in.PodManagementPolicy != nil {
+ in, out := &in.PodManagementPolicy, &out.PodManagementPolicy
+ *out = new(PodManagementPolicyType)
+ **out = **in
+ }
+ if in.UpdateStrategy != nil {
+ in, out := &in.UpdateStrategy, &out.UpdateStrategy
+ *out = new(StatefulSetUpdateStrategy)
+ (*in).DeepCopyInto(*out)
+ }
if in.QueryEndpoints != nil {
in, out := &in.QueryEndpoints, &out.QueryEndpoints
*out = make([]string, len(*in))
@@ -4122,6 +4211,58 @@ func (in *TopologySpreadConstraint) DeepCopy() *TopologySpreadConstraint {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TracingConfig) DeepCopyInto(out *TracingConfig) {
+ *out = *in
+ if in.ClientType != nil {
+ in, out := &in.ClientType, &out.ClientType
+ *out = new(string)
+ **out = **in
+ }
+ if in.SamplingFraction != nil {
+ in, out := &in.SamplingFraction, &out.SamplingFraction
+ x := (*in).DeepCopy()
+ *out = &x
+ }
+ if in.Insecure != nil {
+ in, out := &in.Insecure, &out.Insecure
+ *out = new(bool)
+ **out = **in
+ }
+ if in.Headers != nil {
+ in, out := &in.Headers, &out.Headers
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+ if in.Compression != nil {
+ in, out := &in.Compression, &out.Compression
+ *out = new(string)
+ **out = **in
+ }
+ if in.Timeout != nil {
+ in, out := &in.Timeout, &out.Timeout
+ *out = new(Duration)
+ **out = **in
+ }
+ if in.TLSConfig != nil {
+ in, out := &in.TLSConfig, &out.TLSConfig
+ *out = new(TLSConfig)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingConfig.
+func (in *TracingConfig) DeepCopy() *TracingConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(TracingConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebConfigFileFields) DeepCopyInto(out *WebConfigFileFields) {
*out = *in
diff --git a/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go b/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go
index e17e7fc02d9..4b0512c8bd1 100644
--- a/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go
+++ b/pkg/apis/monitoring/v1alpha1/alertmanager_config_types.go
@@ -29,6 +29,7 @@ import (
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/utils/ptr"
)
const (
@@ -43,6 +44,7 @@ const (
// +k8s:openapi-gen=true
// +kubebuilder:resource:categories="prometheus-operator",shortName="amcfg"
// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
// AlertmanagerConfig configures the Prometheus Alertmanager,
// specifying how alerts should be grouped, inhibited and notified to external systems.
@@ -55,6 +57,14 @@ type AlertmanagerConfig struct {
// spec defines the specification of AlertmanagerConfigSpec
// +required
Spec AlertmanagerConfigSpec `json:"spec"`
+ // status defines the status subresource. It is under active development and is updated only when the
+ // "StatusForConfigurationResources" feature gate is enabled.
+ //
+ // Most recent observed status of the ServiceMonitor. Read-only.
+ // More info:
+ // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ // +optional
+ Status monitoringv1.ConfigResourceStatus `json:"status,omitempty,omitzero"`
}
// AlertmanagerConfigList is a list of AlertmanagerConfig.
@@ -81,13 +91,17 @@ type AlertmanagerConfigSpec struct {
// +optional
Route *Route `json:"route"`
// receivers defines the list of receivers.
+ // +listType=map
+ // +listMapKey=name
// +optional
Receivers []Receiver `json:"receivers"`
// inhibitRules defines the list of inhibition rules. The rules will only apply to alerts matching
// the resource's namespace.
+ // +listType=atomic
// +optional
InhibitRules []InhibitRule `json:"inhibitRules,omitempty"`
// muteTimeIntervals defines the list of MuteTimeInterval specifying when the routes should be muted.
+ // +listType=atomic
// +optional
MuteTimeIntervals []MuteTimeInterval `json:"muteTimeIntervals,omitempty"`
}
@@ -101,6 +115,7 @@ type Route struct {
// groupBy defines the list of labels to group by.
// Labels must not be repeated (unique list).
// Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list.
+ // +listType=set
// +optional
GroupBy []string `json:"groupBy,omitempty"`
// groupWait defines how long to wait before sending the initial notification.
@@ -122,14 +137,16 @@ type Route struct {
// level route, the operator removes any existing equality and regexp
// matcher on the `namespace` label and adds a `namespace: