diff --git a/cmd/cluster-operator/attachedcluster/attachedcluster.go b/cmd/cluster-operator/attachedcluster/attachedcluster.go index 69d532d97..b5e79ad35 100644 --- a/cmd/cluster-operator/attachedcluster/attachedcluster.go +++ b/cmd/cluster-operator/attachedcluster/attachedcluster.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/cluster-operator/customcluster/customcluster.go b/cmd/cluster-operator/customcluster/customcluster.go index 558321961..223ae07d1 100644 --- a/cmd/cluster-operator/customcluster/customcluster.go +++ b/cmd/cluster-operator/customcluster/customcluster.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/cluster-operator/infra/infra.go b/cmd/cluster-operator/infra/infra.go index a7c0fb41e..2bce88e16 100644 --- a/cmd/cluster-operator/infra/infra.go +++ b/cmd/cluster-operator/infra/infra.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/cluster-operator/main.go b/cmd/cluster-operator/main.go index d74e6cfa0..c6a716f8c 100644 --- a/cmd/cluster-operator/main.go +++ b/cmd/cluster-operator/main.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/cluster-operator/scheme/scheme.go b/cmd/cluster-operator/scheme/scheme.go index 90e85eeed..59c8d7de0 100644 --- a/cmd/cluster-operator/scheme/scheme.go +++ b/cmd/cluster-operator/scheme/scheme.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/crd-gen-tool/main.go b/cmd/crd-gen-tool/main.go index 921cd31e3..970b7700e 100644 --- a/cmd/crd-gen-tool/main.go +++ b/cmd/crd-gen-tool/main.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/fleet-manager/application/application.go b/cmd/fleet-manager/application/application.go index 7f4e4ee46..2e757b675 100644 --- a/cmd/fleet-manager/application/application.go +++ b/cmd/fleet-manager/application/application.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/fleet-manager/backup/backup.go b/cmd/fleet-manager/backup/backup.go index 72117d611..4a6b0b46c 100644 --- a/cmd/fleet-manager/backup/backup.go +++ b/cmd/fleet-manager/backup/backup.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/fleet-manager/main.go b/cmd/fleet-manager/main.go index 4cf97ddfb..06337fa62 100644 --- a/cmd/fleet-manager/main.go +++ b/cmd/fleet-manager/main.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/fleet-manager/options/options.go b/cmd/fleet-manager/options/options.go index c3671ef61..d6f2e7510 100644 --- a/cmd/fleet-manager/options/options.go +++ b/cmd/fleet-manager/options/options.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/fleet-manager/pipeline/pipeline.go b/cmd/fleet-manager/pipeline/pipeline.go index e46fc6449..d4a96de5f 100644 --- a/cmd/fleet-manager/pipeline/pipeline.go +++ b/cmd/fleet-manager/pipeline/pipeline.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/cmd/fleet-manager/scheme/flux.go b/cmd/fleet-manager/scheme/flux.go index 3f604613c..d3c6698c2 100644 --- a/cmd/fleet-manager/scheme/flux.go +++ b/cmd/fleet-manager/scheme/flux.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/fleet-manager/scheme/scheme.go b/cmd/fleet-manager/scheme/scheme.go index 63c8cd3b6..abb01a05a 100644 --- a/cmd/fleet-manager/scheme/scheme.go +++ b/cmd/fleet-manager/scheme/scheme.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/app.go b/cmd/kurator/app/app.go index 0063c6762..463d3c837 100644 --- a/cmd/kurator/app/app.go +++ b/cmd/kurator/app/app.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/argocd/argocd.go b/cmd/kurator/app/install/argocd/argocd.go index 5fb067ed5..e0f283722 100644 --- a/cmd/kurator/app/install/argocd/argocd.go +++ b/cmd/kurator/app/install/argocd/argocd.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/install.go b/cmd/kurator/app/install/install.go index 4f59a6c74..ad8cdd36d 100644 --- a/cmd/kurator/app/install/install.go +++ b/cmd/kurator/app/install/install.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/istio/istio.go b/cmd/kurator/app/install/istio/istio.go index d01d0f7a6..a284d7bc6 100644 --- a/cmd/kurator/app/install/istio/istio.go +++ b/cmd/kurator/app/install/istio/istio.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/karmada/karmada.go b/cmd/kurator/app/install/karmada/karmada.go index 137969252..e1efd071f 100644 --- a/cmd/kurator/app/install/karmada/karmada.go +++ b/cmd/kurator/app/install/karmada/karmada.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/kubeedge/kubeedge.go b/cmd/kurator/app/install/kubeedge/kubeedge.go index 839b601f1..06f1e30e1 100644 --- a/cmd/kurator/app/install/kubeedge/kubeedge.go +++ b/cmd/kurator/app/install/kubeedge/kubeedge.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/pixie/pixie.go b/cmd/kurator/app/install/pixie/pixie.go index 6f3bffb5a..d7f1fa8ce 100644 --- a/cmd/kurator/app/install/pixie/pixie.go +++ b/cmd/kurator/app/install/pixie/pixie.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/pixie/vizier/vizier.go b/cmd/kurator/app/install/pixie/vizier/vizier.go index 856534c80..38ece6cbb 100644 --- a/cmd/kurator/app/install/pixie/vizier/vizier.go +++ b/cmd/kurator/app/install/pixie/vizier/vizier.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/prometheus/prometheus.go b/cmd/kurator/app/install/prometheus/prometheus.go index 502f4815f..949f1dc90 100644 --- a/cmd/kurator/app/install/prometheus/prometheus.go +++ b/cmd/kurator/app/install/prometheus/prometheus.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/submariner/submariner.go b/cmd/kurator/app/install/submariner/submariner.go index b3383738a..1713bc47d 100644 --- a/cmd/kurator/app/install/submariner/submariner.go +++ b/cmd/kurator/app/install/submariner/submariner.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/thanos/thanos.go b/cmd/kurator/app/install/thanos/thanos.go index c354510c9..5a25277b7 100644 --- a/cmd/kurator/app/install/thanos/thanos.go +++ b/cmd/kurator/app/install/thanos/thanos.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/install/volcano/volcano.go b/cmd/kurator/app/install/volcano/volcano.go index a305852c6..d05b9c660 100644 --- a/cmd/kurator/app/install/volcano/volcano.go +++ b/cmd/kurator/app/install/volcano/volcano.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/join/join.go b/cmd/kurator/app/join/join.go index d96695832..f8d958489 100644 --- a/cmd/kurator/app/join/join.go +++ b/cmd/kurator/app/join/join.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/join/karmada/karmada.go b/cmd/kurator/app/join/karmada/karmada.go index 5da2eda91..221b930b3 100644 --- a/cmd/kurator/app/join/karmada/karmada.go +++ b/cmd/kurator/app/join/karmada/karmada.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/join/kubeedge/kubeedge.go b/cmd/kurator/app/join/kubeedge/kubeedge.go index b25e1793d..70a27f30f 100644 --- a/cmd/kurator/app/join/kubeedge/kubeedge.go +++ b/cmd/kurator/app/join/kubeedge/kubeedge.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/pipeline/execution/execution.go b/cmd/kurator/app/pipeline/execution/execution.go index 37b7b7c21..7ce88b537 100644 --- a/cmd/kurator/app/pipeline/execution/execution.go +++ b/cmd/kurator/app/pipeline/execution/execution.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/pipeline/execution/list/list.go b/cmd/kurator/app/pipeline/execution/list/list.go index 48b7fa8dd..d596138f0 100644 --- a/cmd/kurator/app/pipeline/execution/list/list.go +++ b/cmd/kurator/app/pipeline/execution/list/list.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/pipeline/execution/logs/logs.go b/cmd/kurator/app/pipeline/execution/logs/logs.go index 15110f1f4..53cddbbb3 100644 --- a/cmd/kurator/app/pipeline/execution/logs/logs.go +++ b/cmd/kurator/app/pipeline/execution/logs/logs.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/pipeline/pipeline.go b/cmd/kurator/app/pipeline/pipeline.go index 3255d0f4b..4711ad6d4 100644 --- a/cmd/kurator/app/pipeline/pipeline.go +++ b/cmd/kurator/app/pipeline/pipeline.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/tool/tool.go b/cmd/kurator/app/tool/tool.go index 17bd481c7..487832026 100644 --- a/cmd/kurator/app/tool/tool.go +++ b/cmd/kurator/app/tool/tool.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/app/version/version.go b/cmd/kurator/app/version/version.go index a521a9da0..30591c862 100644 --- a/cmd/kurator/app/version/version.go +++ b/cmd/kurator/app/version/version.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/cmd/kurator/main.go b/cmd/kurator/main.go index 575b5a74c..cc72f726b 100644 --- a/cmd/kurator/main.go +++ b/cmd/kurator/main.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/fleet_attachedcluster_test.go b/e2e/fleet_attachedcluster_test.go index baea0023f..5190cc0db 100644 --- a/e2e/fleet_attachedcluster_test.go +++ b/e2e/fleet_attachedcluster_test.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/framework/cluster.go b/e2e/framework/cluster.go index 9f4efcb3a..9c9f3d358 100644 --- a/e2e/framework/cluster.go +++ b/e2e/framework/cluster.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/resources/attachedcluster.go b/e2e/resources/attachedcluster.go index 32c56aea3..bbaa1fadb 100644 --- a/e2e/resources/attachedcluster.go +++ b/e2e/resources/attachedcluster.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/resources/constant.go b/e2e/resources/constant.go index 5590fd381..9a4935deb 100644 --- a/e2e/resources/constant.go +++ b/e2e/resources/constant.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/resources/fleet.go b/e2e/resources/fleet.go index 569d98c4f..35dcedb7f 100644 --- a/e2e/resources/fleet.go +++ b/e2e/resources/fleet.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/resources/namespace.go b/e2e/resources/namespace.go index 429fc7cec..5c8536aff 100644 --- a/e2e/resources/namespace.go +++ b/e2e/resources/namespace.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/resources/secret.go b/e2e/resources/secret.go index 50d723a90..31faaab47 100644 --- a/e2e/resources/secret.go +++ b/e2e/resources/secret.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/resources/util.go b/e2e/resources/util.go index e50d3d95d..adc4351b4 100644 --- a/e2e/resources/util.go +++ b/e2e/resources/util.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/suite.go b/e2e/suite.go index 0a0fd8430..9f43dadc4 100644 --- a/e2e/suite.go +++ b/e2e/suite.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/e2e/suite_test.go b/e2e/suite_test.go index dbc0c011a..0d28d7966 100644 --- a/e2e/suite_test.go +++ b/e2e/suite_test.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt index e3ee8de2a..1cab0e645 100644 --- a/hack/boilerplate.go.txt +++ b/hack/boilerplate.go.txt @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/hack/boilerplate/boilerplate.go.txt b/hack/boilerplate/boilerplate.go.txt index 0b02c64b2..3f89c5302 100644 --- a/hack/boilerplate/boilerplate.go.txt +++ b/hack/boilerplate/boilerplate.go.txt @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/hack/e2e-test/run-e2e.sh b/hack/e2e-test/run-e2e.sh index 2805a56db..65c3ab879 100755 --- a/hack/e2e-test/run-e2e.sh +++ b/hack/e2e-test/run-e2e.sh @@ -1,4 +1,4 @@ -# Copyright Kurator Authors. +# Copyright 2022-2025 Kurator Authors. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/hack/gen-prom.sh b/hack/gen-prom.sh index aac3f326f..0a7c6dbd0 100755 --- a/hack/gen-prom.sh +++ b/hack/gen-prom.sh @@ -11,7 +11,7 @@ JB="${REPO_ROOT}/.tools/jb" PROM_OUT_PATH=${REPO_ROOT}/out/prom PROM_JSONNET_FILE=${REPO_ROOT}/$1 PROM_MANIFESTS_PATH=${REPO_ROOT}/${2} -KUBE_PROM_VER=${KUBE_PROM_VER:-v0.12.0} +KUBE_PROM_VER=${KUBE_PROM_VER:-v0.13.0} echo 'begin to generate prom manifests' echo "jsonnet: ${PROM_JSONNET_FILE}" diff --git a/hack/update-copyright.sh b/hack/update-copyright.sh new file mode 100755 index 000000000..b0915392a --- /dev/null +++ b/hack/update-copyright.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# Copyright 2022-2025 Kurator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +WD=$(dirname "$0") +WD=$(cd "$WD"; pwd) + +OLD_COPYRIGHT="Copyright Kurator Authors." +NEW_COPYRIGHT="Copyright 2022-2025 Kurator Authors." + +echo "Searching for files with old copyright notice..." + +find . -type f \( -name "*.go" -o -name "*.sh" -o -name "*.yaml" -o -name "*.yml" -o -name "*.txt" -o -name "*.md" \) -print0 | while IFS= read -r -d '' file; do + if grep -q "$OLD_COPYRIGHT" "$file"; then + echo "Updating copyright in: $file" + sed -i "s|$OLD_COPYRIGHT|$NEW_COPYRIGHT|g" "$file" + fi +done + +echo "Copyright update completed." diff --git a/manifests/manifests.go b/manifests/manifests.go index 79f47b283..0b6640ef3 100644 --- a/manifests/manifests.go +++ b/manifests/manifests.go @@ -1,5 +1,5 @@ /* -Copyright Kurator Authors. +Copyright 2022-2025 Kurator Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-clusterRole.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-clusterRole.yaml index d24412876..146bfd4e6 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-clusterRole.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-clusterRole.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 name: kube-state-metrics rules: - apiGroups: @@ -78,6 +78,13 @@ rules: verbs: - list - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch - apiGroups: - storage.k8s.io resources: diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-clusterRoleBinding.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-clusterRoleBinding.yaml index 88c5faf0a..a431e4a62 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-clusterRoleBinding.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-clusterRoleBinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-deployment.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-deployment.yaml index ec95b5ce9..8e5665d07 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-deployment.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-deployment.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 name: kube-state-metrics namespace: monitoring spec: @@ -23,7 +23,7 @@ spec: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 spec: automountServiceAccountToken: true containers: @@ -32,7 +32,7 @@ spec: - --port=8081 - --telemetry-host=127.0.0.1 - --telemetry-port=8082 - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.7.0 + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.9.2 name: kube-state-metrics resources: limits: @@ -47,13 +47,15 @@ spec: drop: - ALL readOnlyRootFilesystem: true + runAsNonRoot: true runAsUser: 65534 + seccompProfile: + type: RuntimeDefault - args: - - --logtostderr - --secure-listen-address=:8443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8081/ - image: quay.io/brancz/kube-rbac-proxy:v0.14.0 + image: quay.io/brancz/kube-rbac-proxy:v0.14.2 name: kube-rbac-proxy-main ports: - containerPort: 8443 @@ -75,11 +77,10 @@ spec: runAsNonRoot: true runAsUser: 65532 - args: - - --logtostderr - --secure-listen-address=:9443 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - --upstream=http://127.0.0.1:8082/ - image: quay.io/brancz/kube-rbac-proxy:v0.14.0 + image: quay.io/brancz/kube-rbac-proxy:v0.14.2 name: kube-rbac-proxy-self ports: - containerPort: 9443 diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-networkPolicy.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-networkPolicy.yaml index 9815df83e..e41b058b3 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-networkPolicy.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-networkPolicy.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-prometheusRule.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-prometheusRule.yaml index 70082dda4..f0e1aad05 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-prometheusRule.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-prometheusRule.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 prometheus: thanos role: alert-rules name: kube-state-metrics-rules @@ -20,9 +20,9 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricslisterrors summary: kube-state-metrics is experiencing errors in list operations. expr: | - (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) + (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) by (cluster) / - sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) + sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m])) by (cluster)) > 0.01 for: 15m labels: @@ -33,9 +33,9 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricswatcherrors summary: kube-state-metrics is experiencing errors in watch operations. expr: | - (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) + (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) by (cluster) / - sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) + sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m])) by (cluster)) > 0.01 for: 15m labels: @@ -46,7 +46,7 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricsshardingmismatch summary: kube-state-metrics sharding is misconfigured. expr: | - stdvar (kube_state_metrics_total_shards{job="kube-state-metrics"}) != 0 + stdvar (kube_state_metrics_total_shards{job="kube-state-metrics"}) by (cluster) != 0 for: 15m labels: severity: critical @@ -56,9 +56,9 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kube-state-metrics/kubestatemetricsshardsmissing summary: kube-state-metrics shards are missing. expr: | - 2^max(kube_state_metrics_total_shards{job="kube-state-metrics"}) - 1 + 2^max(kube_state_metrics_total_shards{job="kube-state-metrics"}) by (cluster) - 1 - - sum( 2 ^ max by (shard_ordinal) (kube_state_metrics_shard_ordinal{job="kube-state-metrics"}) ) + sum( 2 ^ max by (cluster, shard_ordinal) (kube_state_metrics_shard_ordinal{job="kube-state-metrics"}) ) by (cluster) != 0 for: 15m labels: diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-service.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-service.yaml index e349fe7f3..55145cace 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-service.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-service.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-serviceAccount.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-serviceAccount.yaml index be116f6ef..f34b1a8fb 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-serviceAccount.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-serviceAccount.yaml @@ -6,6 +6,6 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 name: kube-state-metrics namespace: monitoring diff --git a/manifests/profiles/prom-thanos/kube-state-metrics-serviceMonitor.yaml b/manifests/profiles/prom-thanos/kube-state-metrics-serviceMonitor.yaml index 1dde4b0c2..93ca4bd84 100644 --- a/manifests/profiles/prom-thanos/kube-state-metrics-serviceMonitor.yaml +++ b/manifests/profiles/prom-thanos/kube-state-metrics-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: exporter app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.7.0 + app.kubernetes.io/version: 2.9.2 name: kube-state-metrics namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/kubernetes-prometheusRule.yaml b/manifests/profiles/prom-thanos/kubernetes-prometheusRule.yaml index 3ff9c00a2..ae5ccb6a1 100644 --- a/manifests/profiles/prom-thanos/kubernetes-prometheusRule.yaml +++ b/manifests/profiles/prom-thanos/kubernetes-prometheusRule.yaml @@ -68,11 +68,22 @@ spec: for: 15m labels: severity: warning + - alert: KubeDeploymentRolloutStuck + annotations: + description: Rollout of deployment {{ $labels.namespace }}/{{ $labels.deployment }} is not progressing for longer than 15 minutes. + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubedeploymentrolloutstuck + summary: Deployment rollout is not progressing. + expr: | + kube_deployment_status_condition{condition="Progressing", status="false",job="kube-state-metrics"} + != 0 + for: 15m + labels: + severity: warning - alert: KubeStatefulSetReplicasMismatch annotations: description: StatefulSet {{ $labels.namespace }}/{{ $labels.statefulset }} has not matched the expected number of replicas for longer than 15 minutes. runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubestatefulsetreplicasmismatch - summary: Deployment has not matched the expected number of replicas. + summary: StatefulSet has not matched the expected number of replicas. expr: | ( kube_statefulset_status_replicas_ready{job="kube-state-metrics"} @@ -247,50 +258,50 @@ spec: rules: - alert: KubeCPUOvercommit annotations: - description: Cluster has overcommitted CPU resource requests for Pods by {{ $value }} CPU shares and cannot tolerate node failure. + description: Cluster {{ $labels.cluster }} has overcommitted CPU resource requests for Pods by {{ $value }} CPU shares and cannot tolerate node failure. runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecpuovercommit summary: Cluster has overcommitted CPU resource requests. expr: | - sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0 + sum(namespace_cpu:kube_pod_container_resource_requests:sum{job="kube-state-metrics",}) by (cluster) - (sum(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster) - max(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster)) > 0 and - (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0 + (sum(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster) - max(kube_node_status_allocatable{job="kube-state-metrics",resource="cpu"}) by (cluster)) > 0 for: 10m labels: severity: warning - alert: KubeMemoryOvercommit annotations: - description: Cluster has overcommitted memory resource requests for Pods by {{ $value | humanize }} bytes and cannot tolerate node failure. + description: Cluster {{ $labels.cluster }} has overcommitted memory resource requests for Pods by {{ $value | humanize }} bytes and cannot tolerate node failure. runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubememoryovercommit summary: Cluster has overcommitted memory resource requests. expr: | - sum(namespace_memory:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0 + sum(namespace_memory:kube_pod_container_resource_requests:sum{}) by (cluster) - (sum(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"}) by (cluster) - max(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"}) by (cluster)) > 0 and - (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0 + (sum(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"}) by (cluster) - max(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"}) by (cluster)) > 0 for: 10m labels: severity: warning - alert: KubeCPUQuotaOvercommit annotations: - description: Cluster has overcommitted CPU resource requests for Namespaces. + description: Cluster {{ $labels.cluster }} has overcommitted CPU resource requests for Namespaces. runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubecpuquotaovercommit summary: Cluster has overcommitted CPU resource requests. expr: | - sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(cpu|requests.cpu)"})) + sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(cpu|requests.cpu)"})) by (cluster) / - sum(kube_node_status_allocatable{resource="cpu", job="kube-state-metrics"}) + sum(kube_node_status_allocatable{resource="cpu", job="kube-state-metrics"}) by (cluster) > 1.5 for: 5m labels: severity: warning - alert: KubeMemoryQuotaOvercommit annotations: - description: Cluster has overcommitted memory resource requests for Namespaces. + description: Cluster {{ $labels.cluster }} has overcommitted memory resource requests for Namespaces. runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubememoryquotaovercommit summary: Cluster has overcommitted memory resource requests. expr: | - sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(memory|requests.memory)"})) + sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(memory|requests.memory)"})) by (cluster) / - sum(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"}) + sum(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"}) by (cluster) > 1.5 for: 5m labels: @@ -461,9 +472,9 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeclienterrors summary: Kubernetes API server client is experiencing errors. expr: | - (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (cluster, instance, job, namespace) + (sum(rate(rest_client_requests_total{job="apiserver",code=~"5.."}[5m])) by (cluster, instance, job, namespace) / - sum(rate(rest_client_requests_total[5m])) by (cluster, instance, job, namespace)) + sum(rate(rest_client_requests_total{job="apiserver"}[5m])) by (cluster, instance, job, namespace)) > 0.01 for: 15m labels: @@ -554,7 +565,7 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeaggregatedapierrors summary: Kubernetes aggregated API has reported errors. expr: | - sum by(name, namespace, cluster)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 + sum by(name, namespace, cluster)(increase(aggregator_unavailable_apiservice_total{job="apiserver"}[10m])) > 4 labels: severity: warning - alert: KubeAggregatedAPIDown @@ -563,7 +574,7 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubeaggregatedapidown summary: Kubernetes aggregated API is down. expr: | - (1 - max by(name, namespace, cluster)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 + (1 - max by(name, namespace, cluster)(avg_over_time(aggregator_unavailable_apiservice{job="apiserver"}[10m]))) * 100 < 85 for: 5m labels: severity: warning @@ -631,7 +642,7 @@ spec: runbook_url: https://runbooks.prometheus-operator.dev/runbooks/kubernetes/kubenodereadinessflapping summary: Node readiness status is flapping. expr: | - sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (cluster, node) > 2 + sum(changes(kube_node_status_condition{job="kube-state-metrics",status="true",condition="Ready"}[15m])) by (cluster, node) > 2 for: 15m labels: severity: warning @@ -1079,7 +1090,7 @@ spec: verb: write record: code:apiserver_request_total:increase30d - expr: | - sum by (cluster, verb, scope) (increase(apiserver_request_slo_duration_seconds_count[1h])) + sum by (cluster, verb, scope) (increase(apiserver_request_slo_duration_seconds_count{job="apiserver"}[1h])) record: cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase1h - expr: | sum by (cluster, verb, scope) (avg_over_time(cluster_verb_scope:apiserver_request_slo_duration_seconds_count:increase1h[30d]) * 24 * 30) @@ -1197,26 +1208,26 @@ spec: record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate - expr: | container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) + * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, + max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) record: node_namespace_pod_container:container_memory_working_set_bytes - expr: | container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) + * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, + max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) record: node_namespace_pod_container:container_memory_rss - expr: | container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) + * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, + max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) record: node_namespace_pod_container:container_memory_cache - expr: | container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) + * on (cluster, namespace, pod) group_left(node) topk by(cluster, namespace, pod) (1, + max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) ) record: node_namespace_pod_container:container_memory_swap - expr: | @@ -1422,17 +1433,17 @@ spec: - name: kubelet.rules rules: - expr: | - histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) labels: quantile: "0.99" record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - expr: | - histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) labels: quantile: "0.9" record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - expr: | - histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) labels: quantile: "0.5" record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile diff --git a/manifests/profiles/prom-thanos/kubernetes-serviceMonitorApiserver.yaml b/manifests/profiles/prom-thanos/kubernetes-serviceMonitorApiserver.yaml index 95f4e3383..bfc1f3154 100644 --- a/manifests/profiles/prom-thanos/kubernetes-serviceMonitorApiserver.yaml +++ b/manifests/profiles/prom-thanos/kubernetes-serviceMonitorApiserver.yaml @@ -20,7 +20,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers) + regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers|storage_db_total_size_in_bytes) sourceLabels: - __name__ - action: drop diff --git a/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubeControllerManager.yaml b/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubeControllerManager.yaml index efd7135f4..1a71e8e45 100644 --- a/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubeControllerManager.yaml +++ b/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubeControllerManager.yaml @@ -20,7 +20,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers) + regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers|storage_db_total_size_in_bytes) sourceLabels: - __name__ - action: drop diff --git a/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubelet.yaml b/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubelet.yaml index 92b3d13d7..96bbdbab7 100644 --- a/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubelet.yaml +++ b/manifests/profiles/prom-thanos/kubernetes-serviceMonitorKubelet.yaml @@ -21,7 +21,7 @@ spec: sourceLabels: - __name__ - action: drop - regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers) + regex: apiserver_(request_count|request_latencies|request_latencies_summary|dropped_requests|storage_data_key_generation_latencies_microseconds|storage_transformation_failures_total|storage_transformation_latencies_microseconds|proxy_tunnel_sync_latency_secs|longrunning_gauge|registered_watchers|storage_db_total_size_in_bytes) sourceLabels: - __name__ - action: drop @@ -46,7 +46,8 @@ spec: - __name__ port: https-metrics relabelings: - - sourceLabels: + - action: replace + sourceLabels: - __metrics_path__ targetLabel: metrics_path scheme: https @@ -75,7 +76,8 @@ spec: path: /metrics/cadvisor port: https-metrics relabelings: - - sourceLabels: + - action: replace + sourceLabels: - __metrics_path__ targetLabel: metrics_path scheme: https @@ -87,7 +89,8 @@ spec: path: /metrics/probes port: https-metrics relabelings: - - sourceLabels: + - action: replace + sourceLabels: - __metrics_path__ targetLabel: metrics_path scheme: https diff --git a/manifests/profiles/prom-thanos/prometheus-clusterRole.yaml b/manifests/profiles/prom-thanos/prometheus-clusterRole.yaml index 8c0796232..71da48cf0 100644 --- a/manifests/profiles/prom-thanos/prometheus-clusterRole.yaml +++ b/manifests/profiles/prom-thanos/prometheus-clusterRole.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos rules: - apiGroups: diff --git a/manifests/profiles/prom-thanos/prometheus-clusterRoleBinding.yaml b/manifests/profiles/prom-thanos/prometheus-clusterRoleBinding.yaml index 23d8011b0..17f8ed637 100644 --- a/manifests/profiles/prom-thanos/prometheus-clusterRoleBinding.yaml +++ b/manifests/profiles/prom-thanos/prometheus-clusterRoleBinding.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/manifests/profiles/prom-thanos/prometheus-networkPolicy.yaml b/manifests/profiles/prom-thanos/prometheus-networkPolicy.yaml index 5c40a8d98..95cb35e56 100644 --- a/manifests/profiles/prom-thanos/prometheus-networkPolicy.yaml +++ b/manifests/profiles/prom-thanos/prometheus-networkPolicy.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos namespace: monitoring spec: @@ -24,6 +24,13 @@ spec: protocol: TCP - port: 10901 protocol: TCP + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: prometheus-adapter + ports: + - port: 9090 + protocol: TCP - from: - podSelector: matchLabels: diff --git a/manifests/profiles/prom-thanos/prometheus-operator-serviceMonitor.yaml b/manifests/profiles/prom-thanos/prometheus-operator-serviceMonitor.yaml index 0f7d68a73..4b3c5c646 100644 --- a/manifests/profiles/prom-thanos/prometheus-operator-serviceMonitor.yaml +++ b/manifests/profiles/prom-thanos/prometheus-operator-serviceMonitor.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.62.0 + app.kubernetes.io/version: 0.67.1 name: prometheus-operator namespace: monitoring spec: @@ -21,4 +21,4 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 0.62.0 + app.kubernetes.io/version: 0.67.1 diff --git a/manifests/profiles/prom-thanos/prometheus-podDisruptionBudget.yaml b/manifests/profiles/prom-thanos/prometheus-podDisruptionBudget.yaml index abe03d59c..fe3f69368 100644 --- a/manifests/profiles/prom-thanos/prometheus-podDisruptionBudget.yaml +++ b/manifests/profiles/prom-thanos/prometheus-podDisruptionBudget.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/prometheus-prometheus.yaml b/manifests/profiles/prom-thanos/prometheus-prometheus.yaml index 5003e51e4..c427e58a1 100644 --- a/manifests/profiles/prom-thanos/prometheus-prometheus.yaml +++ b/manifests/profiles/prom-thanos/prometheus-prometheus.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: thanos namespace: monitoring spec: @@ -21,7 +21,7 @@ spec: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 podMonitorNamespaceSelector: {} podMonitorSelector: {} probeNamespaceSelector: {} @@ -44,4 +44,4 @@ spec: key: thanos.yaml name: thanos-objstore-config version: v0.8.1 - version: 2.41.0 + version: 2.46.0 diff --git a/manifests/profiles/prom-thanos/prometheus-prometheusRule.yaml b/manifests/profiles/prom-thanos/prometheus-prometheusRule.yaml index b0cdace89..432be569d 100644 --- a/manifests/profiles/prom-thanos/prometheus-prometheusRule.yaml +++ b/manifests/profiles/prom-thanos/prometheus-prometheusRule.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 prometheus: thanos role: alert-rules name: prometheus-thanos-prometheus-rules @@ -27,6 +27,16 @@ spec: for: 10m labels: severity: critical + - alert: PrometheusSDRefreshFailure + annotations: + description: Prometheus {{$labels.namespace}}/{{$labels.pod}} has failed to refresh SD with mechanism {{$labels.mechanism}}. + runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus/prometheussdrefreshfailure + summary: Failed Prometheus SD refresh. + expr: | + increase(prometheus_sd_refresh_failures_total{job="prometheus-thanos",namespace="monitoring"}[10m]) > 0 + for: 20m + labels: + severity: warning - alert: PrometheusNotificationQueueRunningFull annotations: description: Alert notification queue of Prometheus {{$labels.namespace}}/{{$labels.pod}} is running full. diff --git a/manifests/profiles/prom-thanos/prometheus-prometheusRuleThanosSidecar.yaml b/manifests/profiles/prom-thanos/prometheus-prometheusRuleThanosSidecar.yaml index 4eefd2a38..0a40a0bf3 100644 --- a/manifests/profiles/prom-thanos/prometheus-prometheusRuleThanosSidecar.yaml +++ b/manifests/profiles/prom-thanos/prometheus-prometheusRuleThanosSidecar.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 prometheus: thanos role: alert-rules name: prometheus-thanos-thanos-sidecar-rules diff --git a/manifests/profiles/prom-thanos/prometheus-roleBindingConfig.yaml b/manifests/profiles/prom-thanos/prometheus-roleBindingConfig.yaml index 5f905f87b..7e369b099 100644 --- a/manifests/profiles/prom-thanos/prometheus-roleBindingConfig.yaml +++ b/manifests/profiles/prom-thanos/prometheus-roleBindingConfig.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos-config namespace: monitoring roleRef: diff --git a/manifests/profiles/prom-thanos/prometheus-roleConfig.yaml b/manifests/profiles/prom-thanos/prometheus-roleConfig.yaml index dc45a87dc..977c9315b 100644 --- a/manifests/profiles/prom-thanos/prometheus-roleConfig.yaml +++ b/manifests/profiles/prom-thanos/prometheus-roleConfig.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos-config namespace: monitoring rules: diff --git a/manifests/profiles/prom-thanos/prometheus-service.yaml b/manifests/profiles/prom-thanos/prometheus-service.yaml index 80c35551b..eff071381 100644 --- a/manifests/profiles/prom-thanos/prometheus-service.yaml +++ b/manifests/profiles/prom-thanos/prometheus-service.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/prometheus-serviceAccount.yaml b/manifests/profiles/prom-thanos/prometheus-serviceAccount.yaml index 86f5536dc..be18f6a46 100644 --- a/manifests/profiles/prom-thanos/prometheus-serviceAccount.yaml +++ b/manifests/profiles/prom-thanos/prometheus-serviceAccount.yaml @@ -7,6 +7,6 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos namespace: monitoring diff --git a/manifests/profiles/prom-thanos/prometheus-serviceMonitor.yaml b/manifests/profiles/prom-thanos/prometheus-serviceMonitor.yaml index 221b6e834..6f99592b5 100644 --- a/manifests/profiles/prom-thanos/prometheus-serviceMonitor.yaml +++ b/manifests/profiles/prom-thanos/prometheus-serviceMonitor.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/prometheus-serviceMonitorThanosSidecar.yaml b/manifests/profiles/prom-thanos/prometheus-serviceMonitorThanosSidecar.yaml index ade3064b1..459ab2ec2 100644 --- a/manifests/profiles/prom-thanos/prometheus-serviceMonitorThanosSidecar.yaml +++ b/manifests/profiles/prom-thanos/prometheus-serviceMonitorThanosSidecar.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: thanos-sidecar namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/prometheus-serviceThanosSidecar.yaml b/manifests/profiles/prom-thanos/prometheus-serviceThanosSidecar.yaml index 9be8fcfdb..71e22a81f 100644 --- a/manifests/profiles/prom-thanos/prometheus-serviceThanosSidecar.yaml +++ b/manifests/profiles/prom-thanos/prometheus-serviceThanosSidecar.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: thanos app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus - app.kubernetes.io/version: 2.41.0 + app.kubernetes.io/version: 2.46.0 name: prometheus-thanos-thanos-sidecar namespace: monitoring spec: diff --git a/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml b/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml index ad8336df6..afd9dd1b5 100644 --- a/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml +++ b/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: alertmanagerconfigs.monitoring.coreos.com spec: @@ -175,6 +175,295 @@ spec: items: description: Receiver defines one or more notification integrations. properties: + discordConfigs: + description: List of Discord configurations. + items: + description: DiscordConfig configures notifications via Discord. See https://prometheus.io/docs/alerting/latest/configuration/#discord_config + properties: + apiURL: + description: The secret's key that contains the Discord webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: The template of the message's body. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + title: + description: The template of the message's title. + type: string + required: + - apiURL + type: object + type: array emailConfigs: description: List of Email configurations. items: @@ -417,7 +706,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -433,7 +722,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -764,7 +1053,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -780,7 +1069,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -1102,7 +1391,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -1118,7 +1407,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -1503,7 +1792,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -1519,7 +1808,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -1803,7 +2092,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -1819,7 +2108,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -2065,7 +2354,7 @@ spec: description: Configures AWS's Signature Verification 4 signing process to sign requests. properties: accessKey: - description: AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used. + description: AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -2090,7 +2379,7 @@ spec: description: RoleArn is the named AWS profile used to authenticate. type: string secretKey: - description: SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used. + description: SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -2154,7 +2443,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -2170,7 +2459,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -2468,7 +2757,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -2484,7 +2773,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -2746,7 +3035,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -2762,7 +3051,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -3058,7 +3347,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -3074,7 +3363,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: diff --git a/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml b/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml index 1f9089d27..c1e6cc0d2 100644 --- a/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml +++ b/manifests/profiles/prom-thanos/setup/prometheus-operator-0alertmanagerCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: alertmanagers.monitoring.coreos.com spec: @@ -27,6 +27,16 @@ spec: jsonPath: .spec.replicas name: Replicas type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date @@ -614,7 +624,7 @@ spec: description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -630,7 +640,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -864,10 +874,127 @@ spec: type: string type: object type: object + opsGenieApiKey: + description: The default OpsGenie API Key. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + opsGenieApiUrl: + description: The default OpsGenie API URL. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + pagerdutyUrl: + description: The default Pagerduty URL. + type: string resolveTimeout: description: ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + slackApiUrl: + description: The default Slack API URL. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + smtp: + description: Configures global SMTP parameters. + properties: + authIdentity: + description: SMTP Auth using PLAIN + type: string + authPassword: + description: SMTP Auth using LOGIN and PLAIN. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: SMTP Auth using CRAM-MD5. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server. + type: string + from: + description: The default SMTP From header field. + type: string + hello: + description: The default hostname to identify to the SMTP server. + type: string + requireTLS: + description: The default SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + smartHost: + description: The default SMTP smarthost used for sending emails. + properties: + host: + description: Defines the host's address, it can be a DNS name or a literal IP address. + minLength: 1 + type: string + port: + description: Defines the host's port, it can be a literal port number or a port name. + minLength: 1 + type: string + required: + - host + - port + type: object + type: object type: object name: description: The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a `namespace` label for routes and inhibition rules. @@ -913,6 +1040,9 @@ spec: type: object type: array type: object + automountServiceAccountToken: + description: 'AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod. If the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials.' + type: boolean baseImage: description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' type: string @@ -1103,7 +1233,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1168,7 +1298,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1227,7 +1357,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1251,7 +1381,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1363,7 +1493,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1387,7 +1517,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1448,9 +1578,41 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1467,7 +1629,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1574,7 +1736,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1598,7 +1760,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1775,7 +1937,7 @@ spec: x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' items: description: A single application container that you want to run within a pod. properties: @@ -1938,7 +2100,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2003,7 +2165,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2062,7 +2224,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2086,7 +2248,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2198,7 +2360,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2222,7 +2384,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2283,9 +2445,41 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2302,7 +2496,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -2409,7 +2603,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2433,7 +2627,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2609,7 +2803,8 @@ spec: type: string type: object portName: - description: Port name used for the pods and governing service. This defaults to web + default: web + description: Port name used for the pods and governing service. Defaults to `web`. type: string priorityClassName: description: Priority class assigned to the Pods @@ -2621,6 +2816,21 @@ spec: resources: description: Define resources requests and limits for single Pods. properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2637,7 +2847,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object retention: @@ -2703,7 +2913,7 @@ spec: - type type: object supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer @@ -2751,10 +2961,10 @@ spec: description: Storage is the definition of how storage will be used by the Alertmanager instances. properties: disableMountSubPath: - description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + description: '*Deprecated: subPath usage will be removed in a future release.*' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + description: 'EmptyDirVolumeSource to be used by the StatefulSet. If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' @@ -2763,12 +2973,12 @@ spec: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' + description: 'EphemeralVolumeSource to be used by the StatefulSet. This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." @@ -2785,7 +2995,7 @@ spec: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.' + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2802,7 +3012,7 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' + description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2813,14 +3023,31 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2837,7 +3064,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -2886,7 +3113,7 @@ spec: type: object type: object volumeClaimTemplate: - description: A PVC spec to be used by the StatefulSet. The easiest way to use a volume that cannot be automatically provisioned (for whatever reason) is to use a label selector alongside manually created PersistentVolumes. + description: Defines the PVC spec to be used by the Prometheus StatefulSets. The easiest way to use a volume that cannot be automatically provisioned is to use a label selector alongside manually created PersistentVolumes. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' @@ -2912,7 +3139,7 @@ spec: type: string type: object spec: - description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: 'Defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' @@ -2920,7 +3147,7 @@ spec: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.' + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2937,7 +3164,7 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' + description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -2948,14 +3175,31 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2972,7 +3216,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -3017,7 +3261,7 @@ spec: type: string type: object status: - description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + description: '*Deprecated: this field is never set.*' properties: accessModes: description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' @@ -3045,7 +3289,7 @@ spec: conditions: description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contails details about state of pvc + description: PersistentVolumeClaimCondition contains details about state of pvc properties: lastProbeTime: description: lastProbeTime is the time we probed the condition. @@ -3143,7 +3387,7 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: string type: array @@ -3157,10 +3401,10 @@ spec: format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. @@ -3454,7 +3698,7 @@ spec: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3476,7 +3720,7 @@ spec: type: string type: array dataSource: - description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.' + description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: apiGroup: description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -3493,7 +3737,7 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.' + description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. @@ -3504,14 +3748,31 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string required: - kind - name type: object - x-kubernetes-map-type: atomic resources: description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3528,7 +3789,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -4142,6 +4403,10 @@ spec: web: description: Defines the web command line flags when starting Alertmanager. properties: + getConcurrency: + description: Maximum number of GET requests processed concurrently. This corresponds to the Alertmanager's `--web.get-concurrency` flag. + format: int32 + type: integer httpConfig: description: Defines HTTP parameters for web server. properties: @@ -4175,6 +4440,10 @@ spec: description: Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered. type: boolean type: object + timeout: + description: Timeout for HTTP requests. This corresponds to the Alertmanager's `--web.timeout` flag. + format: int32 + type: integer tlsConfig: description: Defines the TLS parameters for HTTPS. properties: @@ -4295,25 +4564,59 @@ spec: type: object type: object status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + description: 'Most recent observed status of the Alertmanager cluster. Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: availableReplicas: description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. format: int32 type: integer + conditions: + description: The current state of the Alertmanager object. + items: + description: Condition represents the state of the resources associated with the Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + format: date-time + type: string + message: + description: Human-readable message indicating details for the condition's last transition. + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if `.metadata.generation` is currently 12, but the `.status.conditions[].observedGeneration` is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition being reported. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map paused: description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. type: boolean replicas: - description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). + description: Total number of non-terminated pods targeted by this Alertmanager object (their labels match the selector). format: int32 type: integer unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager cluster. + description: Total number of unavailable pods targeted by this Alertmanager object. format: int32 type: integer updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. + description: Total number of non-terminated pods targeted by this Alertmanager object that have the desired version spec. format: int32 type: integer required: @@ -4328,4 +4631,5 @@ spec: type: object served: true storage: true - subresources: {} + subresources: + status: {} diff --git a/manifests/profiles/prom-thanos/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml b/manifests/profiles/prom-thanos/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml index 20e3b0b31..8d9d91f6e 100644 --- a/manifests/profiles/prom-thanos/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml +++ b/manifests/profiles/prom-thanos/setup/prometheus-operator-0podmonitorCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: podmonitors.monitoring.coreos.com spec: @@ -77,7 +77,7 @@ spec: description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -93,7 +93,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -170,11 +170,11 @@ spec: metricRelabelings: description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -194,29 +194,33 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array @@ -313,11 +317,11 @@ spec: relabelings: description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job''s name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -337,34 +341,41 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. + description: HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. If empty, Prometheus uses the default value `http`. + enum: + - http + - https type: string scrapeTimeout: description: Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used. diff --git a/manifests/profiles/prom-thanos/setup/prometheus-operator-0probeCustomResourceDefinition.yaml b/manifests/profiles/prom-thanos/setup/prometheus-operator-0probeCustomResourceDefinition.yaml index bb5b3d465..a09d58453 100644 --- a/manifests/profiles/prom-thanos/setup/prometheus-operator-0probeCustomResourceDefinition.yaml +++ b/manifests/profiles/prom-thanos/setup/prometheus-operator-0probeCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: probes.monitoring.coreos.com spec: @@ -38,7 +38,7 @@ spec: description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -54,7 +54,7 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: @@ -131,11 +131,11 @@ spec: metricRelabelings: description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -155,29 +155,33 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array @@ -269,7 +273,10 @@ spec: description: Optional ProxyURL. type: string scheme: - description: HTTP scheme to use for scraping. Defaults to `http`. + description: HTTP scheme to use for scraping. `http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling. If empty, Prometheus uses the default value `http`. + enum: + - http + - https type: string url: description: Mandatory URL of the prober. @@ -282,7 +289,7 @@ spec: format: int64 type: integer scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape interval is used. + description: Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -310,11 +317,11 @@ spec: relabelingConfigs: description: 'RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the `__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. The original scrape job''s name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -334,29 +341,33 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array @@ -403,11 +414,11 @@ spec: relabelingConfigs: description: 'RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + description: "RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. \n More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" properties: action: default: replace - description: Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36. + description: "Action to perform based on the regex matching. \n `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. \n Default: \"Replace\"" enum: - replace - Replace @@ -427,29 +438,33 @@ spec: - Lowercase - uppercase - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label values. + description: "Modulus to take of the hash of the source label values. \n Only applicable when the action is `HashMod`." format: int64 type: integer regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' + description: Regular expression against which the extracted value is matched. type: string replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + description: "Replacement value against which a Replace action is performed if the regular expression matches. \n Regex capture groups are available." type: string separator: - description: Separator placed between concatenated source label values. default is ';'. + description: Separator is the string between concatenated SourceLabels. type: string sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + description: The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression. items: description: LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + description: "Label to which the resulting string is written in a replacement. \n It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. \n Regex capture groups are available." type: string type: object type: array diff --git a/manifests/profiles/prom-thanos/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml b/manifests/profiles/prom-thanos/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml index f998aad7d..177c030d2 100644 --- a/manifests/profiles/prom-thanos/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml +++ b/manifests/profiles/prom-thanos/setup/prometheus-operator-0prometheusCustomResourceDefinition.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: prometheuses.monitoring.coreos.com spec: @@ -62,7 +62,7 @@ spec: description: 'Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' properties: additionalAlertManagerConfigs: - description: 'AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.' + description: "AdditionalAlertManagerConfigs specifies a key of a Secret containing additional Prometheus Alertmanager configurations. The Alertmanager configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config \n The user is responsible for making sure that the configurations are valid \n Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade." properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -78,7 +78,7 @@ spec: type: object x-kubernetes-map-type: atomic additionalAlertRelabelConfigs: - description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.' + description: "AdditionalAlertRelabelConfigs specifies a key of a Secret containing additional Prometheus alert relabel configurations. The alert relabel configurations are appended to the configuration generated by the Prometheus Operator. They must be formatted according to the official Prometheus documentation: \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs \n The user is responsible for making sure that the configurations are valid \n Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade." properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -94,7 +94,7 @@ spec: type: object x-kubernetes-map-type: atomic additionalArgs: - description: AdditionalArgs allows setting additional arguments for the Prometheus container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged. + description: "AdditionalArgs allows setting additional arguments for the 'prometheus' container. \n It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supported by the given Prometheus version. \n In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument, the reconciliation will fail and an error will be logged." items: description: Argument as part of the AdditionalArgs list. properties: @@ -126,7 +126,7 @@ spec: type: object x-kubernetes-map-type: atomic affinity: - description: If specified, the pod's scheduling constraints. + description: Defines the Pods' affinity scheduling rules if specified. properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. @@ -598,21 +598,21 @@ spec: type: object type: object alerting: - description: Define details regarding alerting. + description: Defines the settings related to Alertmanager. properties: alertmanagers: description: AlertmanagerEndpoints Prometheus should fire alerts against. items: - description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. + description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing Alertmanager IPs to fire alerts against. properties: apiVersion: description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". type: string authorization: - description: Authorization section for this alertmanager endpoint + description: "Authorization section for Alertmanager. \n Cannot be set at the same time as `basicAuth`, or `bearerTokenFile`." properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -628,11 +628,11 @@ spec: type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: - description: BasicAuth allow an endpoint to authenticate over basic authentication + description: "BasicAuth configuration for Alertmanager. \n Cannot be set at the same time as `bearerTokenFile`, or `authorization`." properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -668,16 +668,16 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenFile: - description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. + description: "File to read bearer token for Alertmanager. \n Cannot be set at the same time as `basicAuth`, or `authorization`. \n *Deprecated: this will be removed in a future release. Prefer using `authorization`.*" type: string enableHttp2: description: Whether to enable HTTP2. type: boolean name: - description: Name of Endpoints object in Namespace. + description: Name of the Endpoints object in the namespace. type: string namespace: - description: Namespace of Endpoints object. + description: Namespace of the Endpoints object. type: string pathPrefix: description: Prefix for the HTTP path alerts are pushed to. @@ -686,7 +686,7 @@ spec: anyOf: - type: integer - type: string - description: Port the Alertmanager API is exposed on. + description: Port on which the Alertmanager API is exposed. x-kubernetes-int-or-string: true scheme: description: Scheme to use when firing alerts. @@ -696,7 +696,7 @@ spec: pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: - description: TLS Config to use for alertmanager connection. + description: TLS Config to use for Alertmanager. properties: ca: description: Certificate authority used when verifying server certificates. @@ -812,16 +812,16 @@ spec: - alertmanagers type: object allowOverlappingBlocks: - description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. + description: "AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. \n *Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.*" type: boolean apiserverConfig: - description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + description: 'APIServerConfig allows specifying a host and auth methods to access the Kuberntees API server. If null, Prometheus is assumed to run inside of the cluster: it will discover the API servers automatically and use the Pod''s CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.' properties: authorization: - description: Authorization section for accessing apiserver + description: "Authorization section for the API server. \n Cannot be set at the same time as `basicAuth`, `bearerToken`, or `bearerTokenFile`." properties: credentials: - description: The secret's key that contains the credentials of the request + description: Selects a key of a Secret in the namespace that contains the credentials for authentication. properties: key: description: The key of the secret to select from. Must be a valid secret key. @@ -837,14 +837,14 @@ spec: type: object x-kubernetes-map-type: atomic credentialsFile: - description: File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization) + description: File to read a secret from, mutually exclusive with `credentials`. type: string type: - description: Set the authentication type. Defaults to Bearer, Basic will cause an error + description: "Defines the authentication type. The value is case-insensitive. \n \"Basic\" is not a supported value. \n Default: \"Bearer\"" type: string type: object basicAuth: - description: BasicAuth allow an endpoint to authenticate over basic authentication + description: "BasicAuth configuration for the API server. \n Cannot be set at the same time as `authorization`, `bearerToken`, or `bearerTokenFile`." properties: password: description: The secret in the service monitor namespace that contains the password for authentication. @@ -880,16 +880,16 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for accessing apiserver. + description: "*Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`.* \n *Deprecated: this will be removed in a future release.*" type: string bearerTokenFile: - description: File to read bearer token for accessing apiserver. + description: "File to read bearer token for accessing apiserver. \n Cannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`. \n *Deprecated: this will be removed in a future release. Prefer using `authorization`.*" type: string host: - description: Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number + description: Kubernetes API address consisting of a hostname or IP address followed by an optional port number. type: string tlsConfig: - description: TLS Config to use for accessing apiserver. + description: TLS Config to use for the API server. properties: ca: description: Certificate authority used when verifying server certificates. @@ -999,13 +999,17 @@ spec: - host type: object arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. + description: When true, ServiceMonitor, PodMonitor and Probe object are forbidden to reference arbitrary files on the file system of the 'prometheus' container. When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a malicious target can get access to the Prometheus service account's token in the Prometheus' scrape request. Setting `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack. Users should instead provide the credentials using the `spec.bearerTokenSecret` field. properties: deny: type: boolean type: object baseImage: - description: 'Base image to use for a Prometheus deployment. Deprecated: use ''image'' instead' + description: '*Deprecated: use ''spec.image'' instead.*' + type: string + bodySizeLimit: + description: BodySizeLimit defines per-scrape on response body size. Only valid in Prometheus versions 2.45.0 and newer. + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string configMaps: description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-`. The ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container. @@ -1013,7 +1017,7 @@ spec: type: string type: array containers: - description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to the Pods or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. \n The names of containers managed by the operator are: * `prometheus` * `config-reloader` * `thanos-sidecar` \n Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." items: description: A single application container that you want to run within a pod. properties: @@ -1176,7 +1180,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1241,7 +1245,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1300,7 +1304,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1324,7 +1328,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1436,7 +1440,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1460,7 +1464,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1521,9 +1525,41 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1540,7 +1576,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -1647,7 +1683,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1671,7 +1707,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -1799,53 +1835,53 @@ spec: type: object type: array disableCompaction: - description: Disable prometheus compaction. + description: When true, the Prometheus compaction is disabled. type: boolean enableAdminAPI: - description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + description: "Enables access to the Prometheus web admin API. \n WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. \n For more information: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" type: boolean enableFeatures: - description: Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + description: "Enable access to Prometheus feature flags. By default, no features are enabled. \n Enabling features which are disabled by default is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. \n For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/" items: type: string type: array enableRemoteWriteReceiver: - description: 'Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver Only valid in Prometheus versions 2.33.0 and newer.' + description: "Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. \n WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver \n It requires Prometheus >= v2.33.0." type: boolean enforcedBodySizeLimit: - description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. Example: 100MB. If defined, the limit will apply to all service/pod monitors and probes. This is an experimental feature, this behaviour could change or be removed in the future. Only valid in Prometheus versions 2.28.0 and newer.' + description: "When defined, enforcedBodySizeLimit specifies a global limit on the size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. \n It requires Prometheus >= v2.28.0." pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string enforcedLabelLimit: - description: Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When defined, enforcedLabelLimit specifies a global limit on the number of labels per sample. The value overrides any `spec.labelLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is greater than zero and less than `spec.enforcedLabelLimit`. \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is greater than zero and less than `spec.enforcedLabelNameLengthLimit`. \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedLabelValueLengthLimit: - description: Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + description: "When not null, enforcedLabelValueLengthLimit defines a global limit on the length of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is greater than zero and less than `spec.enforcedLabelValueLengthLimit`. \n It requires Prometheus >= v2.27.0." format: int64 type: integer enforcedNamespaceLabel: - description: "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `Probe` objects) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to * alerting & recording rules and * the metrics used in their expressions (`expr`). \n Label name is this field's value. Label value is the namespace of the created object (mentioned above)." + description: "When not empty, a label will be added to \n 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects. 2. All metrics generated from recording rules defined in `PrometheusRule` objects. 3. All alerts generated from alerting rules defined in `PrometheusRule` objects. 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects. \n The label will not added for objects referenced in `spec.excludedFromEnforcement`. \n The label's name is this field's value. The label's value is the namespace of the `ServiceMonitor`, `PodMonitor`, `Probe` or `PrometheusRule` object." type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + description: "When defined, enforcedSampleLimit specifies a global limit on the number of scraped samples that will be accepted. This overrides any `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.sampleLimit` is greater than zero and less than than `spec.enforcedSampleLimit`. \n It is meant to be used by admins to keep the overall number of samples/series under a desired limit." format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced. + description: "When defined, enforcedTargetLimit specifies a global limit on the number of scraped targets. The value overrides any `spec.targetLimit` set by ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is greater than zero and less than `spec.enforcedTargetLimit`. \n It is meant to be used by admins to to keep the overall number of targets under a desired limit." format: int64 type: integer evaluationInterval: default: 30s - description: 'Interval between consecutive evaluations. Default: `30s`' + description: 'Interval between rule evaluations. Default: "30s"' pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string excludedFromEnforcement: - description: List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true. + description: "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. \n It is only applicable if `spec.enforcedNamespaceLabel` set to true." items: description: ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object. properties: @@ -1856,7 +1892,7 @@ spec: - monitoring.coreos.com type: string name: - description: Name of the referent. When not set, all resources are matched. + description: Name of the referent. When not set, all resources in the namespace are matched. type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' @@ -1869,6 +1905,7 @@ spec: - servicemonitors - podmonitors - probes + - scrapeconfigs type: string required: - namespace @@ -1876,23 +1913,23 @@ spec: type: object type: array exemplars: - description: Exemplars related settings that are runtime reloadable. It requires to enable the exemplar storage feature to be effective. + description: Exemplars related settings that are runtime reloadable. It requires to enable the `exemplar-storage` feature flag to be effective. properties: maxSize: - description: Maximum number of exemplars stored in memory for all series. If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage. + description: "Maximum number of exemplars stored in memory for all series. \n exemplar-storage itself must be enabled using the `spec.enableFeature` option for exemplars to be scraped in the first place. \n If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage." format: int64 type: integer type: object externalLabels: additionalProperties: type: string - description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). + description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). Labels defined by `spec.replicaExternalLabelName` and `spec.prometheusExternalLabelName` take precedence over this list. type: object externalUrl: - description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. + description: The external URL under which the Prometheus service is externally available. This is necessary to generate correct URLs (for instance if Prometheus is accessible behind an Ingress resource). type: string hostAliases: - description: Pods' hostAliases configuration + description: Optional list of hosts and IPs that will be injected into the Pod's hosts file if specified. items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. properties: @@ -1913,13 +1950,13 @@ spec: - ip x-kubernetes-list-type: map hostNetwork: - description: Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically. + description: "Use the host's network namespace if true. \n Make sure to understand the security implications if you want to enable it (https://kubernetes.io/docs/concepts/configuration/overview/). \n When hostNetwork is enabled, this will set the DNS policy to `ClusterFirstWithHostNet` automatically." type: boolean ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. They will only discover endpoints within the namespace of the PodMonitor, ServiceMonitor and Probe objects. Defaults to false. + description: When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor and Probe objects will be ignored. They will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe objec. type: boolean image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. + description: "Container image name for Prometheus. If specified, it takes precedence over the `spec.baseImage`, `spec.tag` and `spec.sha` fields. \n Specifying `spec.version` is still necessary to ensure the Prometheus Operator knows which version of Prometheus is being configured. \n If neither `spec.image` nor `spec.baseImage` are defined, the operator will use the latest upstream version of Prometheus available at the time when the operator was released." type: string imagePullPolicy: description: Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details. @@ -1930,7 +1967,7 @@ spec: - IfNotPresent type: string imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + description: An optional list of references to Secrets in the same namespace to use for pulling images from registries. See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod items: description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: @@ -1941,7 +1978,7 @@ spec: x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + description: "InitContainers allows injecting initContainers to the Pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. \n The names of init container name managed by the operator are: * `init-config-reloader`. \n Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." items: description: A single application container that you want to run within a pod. properties: @@ -2104,7 +2141,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2169,7 +2206,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2228,7 +2265,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2252,7 +2289,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2364,7 +2401,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2388,7 +2425,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2449,9 +2486,41 @@ spec: format: int32 type: integer type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic resources: description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2468,7 +2537,7 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: @@ -2575,7 +2644,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. + description: GRPC specifies an action involving a GRPC port. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2599,7 +2668,7 @@ spec: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: - description: The header field name + description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value @@ -2726,18 +2795,30 @@ spec: - name type: object type: array + labelLimit: + description: Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.45.0 and newer. + format: int64 + type: integer listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + description: When true, the Prometheus server listens on the loopback address instead of the Pod IP's address. type: boolean logFormat: - description: Log format for Prometheus to be configured with. + description: Log format for Log level for Prometheus and the config-reloader sidecar. enum: - "" - logfmt - json type: string logLevel: - description: Log level for Prometheus to be configured with. + description: Log level for Prometheus and the config-reloader sidecar. enum: - "" - debug @@ -2746,13 +2827,13 @@ spec: - error type: string minReadySeconds: - description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate. + description: "Minimum number of seconds for which a newly created Pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) \n This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate." format: int32 type: integer nodeSelector: additionalProperties: type: string - description: Define which Nodes the Pods are scheduled on. + description: Defines on which Nodes the Pods are scheduled. type: object overrideHonorLabels: description: When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to "exported_