diff --git a/installation/resources/crds/monitoring/alertmanagerconfigs.monitoring.coreos.crd.yaml b/installation/resources/crds/monitoring/alertmanagerconfigs.monitoring.coreos.crd.yaml index 5c391fd96043..d3c46f1673cc 100644 --- a/installation/resources/crds/monitoring/alertmanagerconfigs.monitoring.coreos.crd.yaml +++ b/installation/resources/crds/monitoring/alertmanagerconfigs.monitoring.coreos.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -46,7 +46,7 @@ spec: properties: inhibitRules: description: List of inhibition rules. The rules will only apply to - alerts matching the resource’s namespace. + alerts matching the resource's namespace. items: description: InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule @@ -60,7 +60,7 @@ spec: sourceMatch: description: Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that - the alert matches the resource’s namespace. + the alert matches the resource's namespace. items: description: Matcher defines how to match on alert's labels. properties: @@ -93,7 +93,7 @@ spec: targetMatch: description: Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches - the resource’s namespace. + the resource's namespace. items: description: Matcher defines how to match on alert's labels. properties: @@ -1779,7 +1779,7 @@ spec: type: string token: description: The secret's key that contains the registered - application’s API token, see https://pushover.net/apps. + application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. @@ -1809,7 +1809,7 @@ spec: type: string userKey: description: The secret's key that contains the recipient - user’s user key. The secret needs to be in the same + user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. properties: @@ -4380,7 +4380,7 @@ spec: type: array route: description: The Alertmanager route definition for alerts matching - the resource’s namespace. If present, it will be added to the generated + the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. properties: continue: @@ -4406,7 +4406,7 @@ spec: Example: "30s"' type: string matchers: - description: 'List of matchers that the alert’s labels should + description: 'List of matchers that the alert''s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher.' @@ -4472,4 +4472,4 @@ spec: - spec type: object served: true - storage: true + storage: true \ No newline at end of file diff --git a/installation/resources/crds/monitoring/alertmanagers.monitoring.coreos.crd.yaml b/installation/resources/crds/monitoring/alertmanagers.monitoring.coreos.crd.yaml index 1851cba3a5d4..742cc4752865 100644 --- a/installation/resources/crds/monitoring/alertmanagers.monitoring.coreos.crd.yaml +++ b/installation/resources/crds/monitoring/alertmanagers.monitoring.coreos.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -25,13 +25,18 @@ spec: jsonPath: .spec.version name: Version type: string - - description: The desired replicas number of Alertmanagers + - description: The number of desired replicas jsonPath: .spec.replicas name: Replicas type: integer - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean name: v1 schema: openAPIV3Schema: @@ -981,17 +986,412 @@ spec: x-kubernetes-map-type: atomic alertmanagerConfiguration: description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the - global Alertmanager configuration. If defined, it takes precedence - over the `configSecret` field. This field may change in future releases.' + configuration of Alertmanager. If defined, it takes precedence over + the `configSecret` field. This field may change in future releases.' properties: + global: + description: Defines the global parameters of the Alertmanager + configuration. + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the + client. This is mutually exclusive with BasicAuth and + is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, BasicAuth + takes precedence. + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. The + secret needs to be in the same namespace as the Alertmanager + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a + token for the targets. + properties: + clientId: + description: The secret or configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client + secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use + for the targets. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Struct containing the client cert file + for the targets. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + resolveTimeout: + description: ResolveTimeout is the default value used by alertmanager + if the alert does not include EndsAt, after this time passes + it can declare the alert as resolved if it has not been + updated. This has no impact on alerts from Prometheus, as + they always include EndsAt. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object name: description: The name of the AlertmanagerConfig resource which - is used to generate the global configuration. It must be defined - in the same namespace as the Alertmanager object. The operator - will not enforce a `namespace` label for routes and inhibition - rules. + is used to generate the Alertmanager configuration. It must + be defined in the same namespace as the Alertmanager object. + The operator will not enforce a `namespace` label for routes + and inhibition rules. minLength: 1 type: string + templates: + description: Custom notification templates. + items: + description: SecretOrConfigMap allows to specify data as a Secret + or ConfigMap. Fields are mutually exclusive. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array type: object baseImage: description: 'Base image that is used to deploy pods, without tag. @@ -1017,14 +1417,17 @@ spec: configMaps: description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager - Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into `/etc/alertmanager/configmaps/` in the 'alertmanager' + container. items: type: string type: array configSecret: description: "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration - for this Alertmanager instance. If empty, it defaults to 'alertmanager-'. + for this Alertmanager instance. If empty, it defaults to `alertmanager-`. \n The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret. \n If either the secret or the @@ -1595,13 +1998,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -2880,13 +3283,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -3669,7 +4072,9 @@ spec: secrets: description: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + Pods. Each Secret is added to the StatefulSet definition as a volume + named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` + in the 'alertmanager' container. items: type: string type: array @@ -4509,6 +4914,19 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty list means only + match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, @@ -4549,11 +4967,31 @@ spec: minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is an alpha - field and requires enabling MinDomainsInPodTopologySpread - feature gate." + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." format: int32 type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a alpha-level feature enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered @@ -4561,10 +4999,11 @@ spec: as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain - whose nodes match the node selector. e.g. If TopologyKey is - "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each - zone is a domain of that topology. It's a required field. + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how to deal with a @@ -6153,8 +6592,55 @@ spec: web: description: Defines the web command line flags when starting Alertmanager. properties: + httpConfig: + description: Defines HTTP parameters for web server. + properties: + headers: + description: List of headers that can be added to HTTP responses. + properties: + contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. + type: string + strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. + type: boolean + type: object tlsConfig: - description: WebTLSConfig defines the TLS parameters for HTTPS. + description: Defines the TLS parameters for HTTPS. properties: cert: description: Contains the TLS certificate for the server. @@ -6345,4 +6831,4 @@ spec: type: object served: true storage: true - subresources: {} + subresources: {} \ No newline at end of file diff --git a/installation/resources/crds/monitoring/podmonitors.monitoring.coreos.crd.yaml b/installation/resources/crds/monitoring/podmonitors.monitoring.coreos.crd.yaml index c967172a44a6..5a7a72e2a703 100644 --- a/installation/resources/crds/monitoring/podmonitors.monitoring.coreos.crd.yaml +++ b/installation/resources/crds/monitoring/podmonitors.monitoring.coreos.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -187,6 +187,10 @@ spec: enableHttp2: description: Whether to enable HTTP2. type: boolean + filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean followRedirects: description: FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. @@ -660,4 +664,4 @@ spec: - spec type: object served: true - storage: true + storage: true \ No newline at end of file diff --git a/installation/resources/crds/monitoring/probes.monitoring.coreos.crd.yaml b/installation/resources/crds/monitoring/probes.monitoring.coreos.crd.yaml index 34ee1a164d60..25b58ba74be9 100644 --- a/installation/resources/crds/monitoring/probes.monitoring.coreos.crd.yaml +++ b/installation/resources/crds/monitoring/probes.monitoring.coreos.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -701,4 +701,4 @@ spec: - spec type: object served: true - storage: true + storage: true \ No newline at end of file diff --git a/installation/resources/crds/monitoring/prometheuses.monitoring.crd.yaml b/installation/resources/crds/monitoring/prometheuses.monitoring.crd.yaml index 9ec8c79cc6ef..0cf89a7a9ed3 100644 --- a/installation/resources/crds/monitoring/prometheuses.monitoring.crd.yaml +++ b/installation/resources/crds/monitoring/prometheuses.monitoring.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -25,13 +25,28 @@ spec: jsonPath: .spec.version name: Version type: string - - description: The desired replicas number of Prometheuses + - description: The number of desired replicas jsonPath: .spec.replicas - name: Replicas + name: Desired type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean name: v1 schema: openAPIV3Schema: @@ -109,6 +124,31 @@ spec: - key type: object x-kubernetes-map-type: atomic + additionalArgs: + description: AdditionalArgs allows setting additional arguments for + the Prometheus container. It is intended for e.g. activating hidden + flags which are not supported by the dedicated configuration options + yet. The arguments are passed as-is to the Prometheus container + which may cause issues if they are invalid or not supported by the + given Prometheus version. In case of an argument conflict (e.g. + an argument which is already set by the operator itself) or when + providing an invalid argument the reconciliation will fail and an + error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: Argument value, e.g. 30s. Can be empty for name-only + arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array additionalScrapeConfigs: description: 'AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape @@ -1434,7 +1474,10 @@ spec: configMaps: description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus - Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into /etc/prometheus/configmaps/ in the 'prometheus' + container. items: type: string type: array @@ -2003,13 +2046,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -2846,6 +2889,12 @@ spec: x-kubernetes-list-map-keys: - ip x-kubernetes-list-type: map + hostNetwork: + description: Use the host's network namespace if true. Make sure to + understand the security implications if you want to enable it. When + hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet + automatically. + type: boolean ignoreNamespaceSelectors: description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. @@ -3439,13 +3488,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -5489,7 +5538,9 @@ spec: secrets: description: Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus - Pods. The Secrets are mounted into /etc/prometheus/secrets/. + Pods. Each Secret is added to the StatefulSet definition as a volume + named `secret-`. The Secrets are mounted into /etc/prometheus/secrets/ + in the 'prometheus' container. items: type: string type: array @@ -6346,13 +6397,41 @@ spec: notice in any release. \n This is experimental and may change significantly without backward compatibility in any release." properties: + additionalArgs: + description: AdditionalArgs allows setting additional arguments + for the Thanos container. The arguments are passed as-is to + the Thanos container which may cause issues if they are invalid + or not supported the given Thanos version. In case of an argument + conflict (e.g. an argument which is already set by the operator + itself) or when providing an invalid argument the reconciliation + will fail and an error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: Argument value, e.g. 30s. Can be empty for + name-only arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array baseImage: description: 'Thanos base image if other than default. Deprecated: use ''image'' instead' type: string + grpcListenLocal: + description: If true, the Thanos sidecar listens on the loopback + interface for the gRPC endpoints. It has no effect if `listenLocal` + is true. + type: boolean grpcServerTlsConfig: - description: 'GRPCServerTLSConfig configures the gRPC server from - which Thanos Querier reads recorded rule data. Note: Currently + description: 'GRPCServerTLSConfig configures the TLS parameters + for the gRPC server providing the StoreAPI. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' properties: @@ -6485,6 +6564,11 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + httpListenLocal: + description: If true, the Thanos sidecar listens on the loopback + interface for the HTTP endpoints. It has no effect if `listenLocal` + is true. + type: boolean image: description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary @@ -6492,8 +6576,10 @@ spec: is being configured. type: string listenLocal: - description: ListenLocal makes the Thanos sidecar listen on loopback, - so that it does not bind against the Pod IP. + description: 'If true, the Thanos sidecar listens on the loopback + interface for the HTTP and gRPC endpoints. It takes precedence + over `grpcListenLocal` and `httpListenLocal`. Deprecated: use + `grpcListenLocal` and `httpListenLocal` instead.' type: boolean logFormat: description: LogFormat for Thanos sidecar to be configured with. @@ -6755,6 +6841,19 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty list means only + match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, @@ -6795,11 +6894,31 @@ spec: minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is an alpha - field and requires enabling MinDomainsInPodTopologySpread - feature gate." + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." format: int32 type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a alpha-level feature enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered @@ -6807,10 +6926,11 @@ spec: as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain - whose nodes match the node selector. e.g. If TopologyKey is - "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each - zone is a domain of that topology. It's a required field. + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how to deal with a @@ -6836,6 +6956,20 @@ spec: - whenUnsatisfiable type: object type: array + tsdb: + description: Defines the runtime reloadable configuration of the timeseries + database (TSDB). + properties: + outOfOrderTimeWindow: + description: Configures how old an out-of-order/out-of-bounds + sample can be w.r.t. the TSDB max time. An out-of-order/out-of-bounds + sample is ingested into the TSDB as long as the timestamp of + the sample is >= (TSDB.MaxTime - outOfOrderTimeWindow). Out + of order ingestion is an experimental feature and requires Prometheus + >= v2.39.0. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: object version: description: Version of Prometheus to be deployed. type: string @@ -8403,11 +8537,58 @@ spec: web: description: Defines the web command line flags when starting Prometheus. properties: + httpConfig: + description: Defines HTTP parameters for web server. + properties: + headers: + description: List of headers that can be added to HTTP responses. + properties: + contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. + type: string + strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. + type: boolean + type: object pageTitle: description: The prometheus web page title type: string tlsConfig: - description: WebTLSConfig defines the TLS parameters for HTTPS. + description: Defines the TLS parameters for HTTPS. properties: cert: description: Contains the TLS certificate for the server. @@ -8581,6 +8762,14 @@ spec: description: Human-readable message indicating details for the condition's last transition. type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer reason: description: Reason for the condition's last transition. type: string @@ -8669,4 +8858,4 @@ spec: served: true storage: true subresources: - status: {} + status: {} \ No newline at end of file diff --git a/installation/resources/crds/monitoring/prometheusrules.monitoring.crd.yaml b/installation/resources/crds/monitoring/prometheusrules.monitoring.crd.yaml index 35d16f5d1b4f..b9ba2df0d5aa 100644 --- a/installation/resources/crds/monitoring/prometheusrules.monitoring.crd.yaml +++ b/installation/resources/crds/monitoring/prometheusrules.monitoring.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -95,4 +95,4 @@ spec: - spec type: object served: true - storage: true + storage: true \ No newline at end of file diff --git a/installation/resources/crds/monitoring/servicemonitors.monitoring.coreos.crd.yaml b/installation/resources/crds/monitoring/servicemonitors.monitoring.coreos.crd.yaml index f9dd94ccde2c..2ec72ca3c5ea 100644 --- a/installation/resources/crds/monitoring/servicemonitors.monitoring.coreos.crd.yaml +++ b/installation/resources/crds/monitoring/servicemonitors.monitoring.coreos.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -681,4 +681,4 @@ spec: - spec type: object served: true - storage: true + storage: true \ No newline at end of file diff --git a/installation/resources/crds/monitoring/thanosrulers.monitoring.coreos.crd.yaml b/installation/resources/crds/monitoring/thanosrulers.monitoring.coreos.crd.yaml index eefc35925777..09939c94c970 100644 --- a/installation/resources/crds/monitoring/thanosrulers.monitoring.coreos.crd.yaml +++ b/installation/resources/crds/monitoring/thanosrulers.monitoring.coreos.crd.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -21,13 +21,18 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: The desired replicas number of Thanos Rulers + - description: The number of desired replicas jsonPath: .spec.replicas name: Replicas type: integer - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean name: v1 schema: openAPIV3Schema: @@ -1508,13 +1513,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -2955,13 +2960,13 @@ spec: Cannot be updated. type: string ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about - the network connections a container uses, but is primarily - informational. Not specifying a port here DOES NOT prevent - that port from being exposed. Any port which is listening - on the default "0.0.0.0" address inside a container will be - accessible from the network. Cannot be updated. + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: description: ContainerPort represents a network port in a single container. @@ -4731,6 +4736,19 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the incoming + pod labels will be ignored. A null or empty list means only + match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, @@ -4771,11 +4789,31 @@ spec: minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is an alpha - field and requires enabling MinDomainsInPodTopologySpread - feature gate." + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." format: int32 type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a alpha-level feature enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered @@ -4783,10 +4821,11 @@ spec: as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain - whose nodes match the node selector. e.g. If TopologyKey is - "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each - zone is a domain of that topology. It's a required field. + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how to deal with a @@ -4832,6 +4871,11 @@ spec: - key type: object x-kubernetes-map-type: atomic + tracingConfigFile: + description: TracingConfig specifies the path of the tracing configuration + file. When used alongside with TracingConfig, TracingConfigFile + takes precedence. + type: string volumes: description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended @@ -6389,4 +6433,4 @@ spec: type: object served: true storage: true - subresources: {} + subresources: {} \ No newline at end of file diff --git a/resources/monitoring/values.yaml b/resources/monitoring/values.yaml index 94300e98abec..eca02bfc6890 100644 --- a/resources/monitoring/values.yaml +++ b/resources/monitoring/values.yaml @@ -112,12 +112,12 @@ global: images: prometheus_operator: name: "prometheus-operator" - version: "v0.58.0" + version: "v0.60.1" directory: "external/quay.io/prometheus-operator" sha: "" prometheus_config_reloader: name: "prometheus-config-reloader" - version: "v0.58.0" + version: "v0.60.1" directory: "external/quay.io/prometheus-operator" sha: "" configmap_reload: @@ -132,7 +132,7 @@ global: sha: "" prometheus: name: "prometheus" - version: "v2.38.0" + version: "v2.39.1" directory: "external/quay.io/prometheus" sha: "" pushgateway: