From db96ce5e7efd3c0861a3b015e6a7787475860d94 Mon Sep 17 00:00:00 2001 From: verejoel Date: Tue, 24 Oct 2023 13:42:11 +0200 Subject: [PATCH 001/211] Update Ingester deployment to include same labels as StatefulSet Signed-off-by: verejoel --- .../ingester/deployment-ingester.yaml | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/charts/loki-distributed/templates/ingester/deployment-ingester.yaml b/charts/loki-distributed/templates/ingester/deployment-ingester.yaml index 5d925538c6..d2635882af 100644 --- a/charts/loki-distributed/templates/ingester/deployment-ingester.yaml +++ b/charts/loki-distributed/templates/ingester/deployment-ingester.yaml @@ -36,6 +36,12 @@ spec: labels: {{- include "loki.ingesterSelectorLabels" . | nindent 8 }} app.kubernetes.io/part-of: memberlist + {{- with .Values.loki.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ingester.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} {{- with .Values.ingester.topologySpreadConstraints }} @@ -64,6 +70,10 @@ spec: - name: ingester image: {{ include "loki.ingesterImage" . }} imagePullPolicy: {{ .Values.loki.image.pullPolicy }} + {{- if or .Values.loki.command .Values.ingester.command }} + command: + - {{ coalesce .Values.ingester.command .Values.loki.command | quote }} + {{- end }} args: - -config.file=/etc/loki/config/config.yaml - -target=ingester @@ -90,10 +100,8 @@ spec: {{- end }} securityContext: {{- toYaml .Values.loki.containerSecurityContext | nindent 12 }} - readinessProbe: - {{- toYaml .Values.loki.readinessProbe | nindent 12 }} - livenessProbe: - {{- toYaml .Values.loki.livenessProbe | nindent 12 }} + {{- include "loki.ingester.readinessProbe" . | nindent 10 }} + {{- include "loki.ingester.livenessProbe" . | nindent 10 }} volumeMounts: - name: config mountPath: /etc/loki/config @@ -104,8 +112,10 @@ spec: {{- with .Values.ingester.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.ingester.resources }} resources: - {{- toYaml .Values.ingester.resources | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.ingester.lifecycle }} lifecycle: {{- toYaml . | nindent 12 }} From ca626f2602df725b69ed4c41e8fbeeeaf3702852 Mon Sep 17 00:00:00 2001 From: verejoel Date: Tue, 24 Oct 2023 13:47:05 +0200 Subject: [PATCH 002/211] Query frontend joins the memberlist Signed-off-by: verejoel --- .../templates/query-frontend/deployment-query-frontend.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml b/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml index a3c1e33e38..dd4f90ffe9 100644 --- a/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml +++ b/charts/loki-distributed/templates/query-frontend/deployment-query-frontend.yaml @@ -33,6 +33,7 @@ spec: {{- end }} labels: {{- include "loki.queryFrontendSelectorLabels" . | nindent 8 }} + app.kubernetes.io/part-of: memberlist {{- with .Values.loki.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -74,6 +75,9 @@ spec: - name: grpc containerPort: 9095 protocol: TCP + - name: http-memberlist + containerPort: 7946 + protocol: TCP {{- with .Values.queryFrontend.extraEnv }} env: {{- toYaml . | nindent 12 }} From c6bd19d9b6f78dc5c1d7e60fb63b33bb0d45116d Mon Sep 17 00:00:00 2001 From: verejoel Date: Tue, 24 Oct 2023 13:48:25 +0200 Subject: [PATCH 003/211] Update Chart version Signed-off-by: verejoel --- charts/loki-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 9804a5ae88..f800a83254 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -3,7 +3,7 @@ name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application appVersion: 2.9.2 -version: 0.76.0 +version: 0.77.0 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki From a67ca643fdac9239f2caa9c494c594c2d3c22b47 Mon Sep 17 00:00:00 2001 From: verejoel Date: Tue, 24 Oct 2023 13:57:54 +0200 Subject: [PATCH 004/211] Update Docs Signed-off-by: verejoel --- charts/loki-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 1fab68d912..55c12bb72b 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.76.0](https://img.shields.io/badge/Version-0.76.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.77.0](https://img.shields.io/badge/Version-0.77.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 2a3b76b20fd7113dcf0122e861fb98248525170f Mon Sep 17 00:00:00 2001 From: verejoel Date: Tue, 24 Oct 2023 15:59:48 +0200 Subject: [PATCH 005/211] Allow matchExpression on ServiceMonitors Signed-off-by: verejoel --- .../templates/compactor/servicemonitor-compactor.yaml | 4 ++++ .../templates/distributor/servicemonitor-distributor.yaml | 4 ++++ .../index-gateway/servicemonitor-index-gateway.yaml | 7 +++---- .../templates/ingester/servicemonitor-ingester.yaml | 7 +++---- .../memcached-chunks/servicemonitor-memcached-chunks.yaml | 4 ++++ .../servicemonitor-memcached-frontend.yaml | 4 ++++ .../servicemonitor-memcached-index-queries.yaml | 4 ++++ .../servicemonitor-memcached-index-writes.yaml | 4 ++++ .../templates/querier/servicemonitor-querier.yaml | 7 +++---- .../query-frontend/servicemonitor-query-frontend.yaml | 4 ++++ .../query-scheduler/servicemonitor-query-scheduler.yaml | 4 ++++ .../templates/ruler/servicemonitor-ruler.yaml | 4 ++++ .../table-manager/servicemonitor-table-manager.yaml | 4 ++++ charts/loki-distributed/values.test.yaml | 3 +++ charts/loki-distributed/values.yaml | 6 ++++++ 15 files changed, 58 insertions(+), 12 deletions(-) diff --git a/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml b/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml index 1d49e9aef9..11523f922b 100644 --- a/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/servicemonitor-compactor.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.compactorSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml b/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml index 866e2f5a2f..1f1e525645 100644 --- a/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml +++ b/charts/loki-distributed/templates/distributor/servicemonitor-distributor.yaml @@ -24,6 +24,10 @@ spec: selector: matchLabels: {{- include "loki.distributorSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml b/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml index 93c2c0460c..400a592a13 100644 --- a/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml +++ b/charts/loki-distributed/templates/index-gateway/servicemonitor-index-gateway.yaml @@ -25,11 +25,10 @@ spec: selector: matchLabels: {{- include "loki.indexGatewaySelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} matchExpressions: - - key: prometheus.io/service-monitor - operator: NotIn - values: - - "false" + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml b/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml index 39476908fd..349785a0fc 100644 --- a/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml +++ b/charts/loki-distributed/templates/ingester/servicemonitor-ingester.yaml @@ -24,11 +24,10 @@ spec: selector: matchLabels: {{- include "loki.ingesterSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} matchExpressions: - - key: prometheus.io/service-monitor - operator: NotIn - values: - - "false" + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml b/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml index f0bd6cc9a3..529c0cb563 100644 --- a/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml +++ b/charts/loki-distributed/templates/memcached-chunks/servicemonitor-memcached-chunks.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedChunksSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} diff --git a/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml b/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml index 3d8c4f69c5..05698f31c0 100644 --- a/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml +++ b/charts/loki-distributed/templates/memcached-frontend/servicemonitor-memcached-frontend.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedFrontendSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} diff --git a/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml b/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml index 504e9b992d..88be48d77b 100644 --- a/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml +++ b/charts/loki-distributed/templates/memcached-index-queries/servicemonitor-memcached-index-queries.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedIndexQueriesSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} diff --git a/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml b/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml index 9fe2e9eb36..e15ad04697 100644 --- a/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml +++ b/charts/loki-distributed/templates/memcached-index-writes/servicemonitor-memcached-index-writes.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.memcachedIndexWritesSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http-metrics {{- with .interval }} diff --git a/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml b/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml index 6a15b57741..d38db2ded7 100644 --- a/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml +++ b/charts/loki-distributed/templates/querier/servicemonitor-querier.yaml @@ -24,11 +24,10 @@ spec: selector: matchLabels: {{- include "loki.querierSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} matchExpressions: - - key: prometheus.io/service-monitor - operator: NotIn - values: - - "false" + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml b/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml index 581abb8544..6a4c7ce251 100644 --- a/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml +++ b/charts/loki-distributed/templates/query-frontend/servicemonitor-query-frontend.yaml @@ -24,6 +24,10 @@ spec: selector: matchLabels: {{- include "loki.queryFrontendSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml b/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml index 1277cd118a..9ee893be5e 100644 --- a/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml +++ b/charts/loki-distributed/templates/query-scheduler/servicemonitor-query-scheduler.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.querySchedulerSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml b/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml index 4d1df7e939..827b3d4531 100644 --- a/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml +++ b/charts/loki-distributed/templates/ruler/servicemonitor-ruler.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.rulerSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml b/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml index a3d8d3f06f..6a0626a1af 100644 --- a/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml +++ b/charts/loki-distributed/templates/table-manager/servicemonitor-table-manager.yaml @@ -25,6 +25,10 @@ spec: selector: matchLabels: {{- include "loki.tableManagerSelectorLabels" $ | nindent 6 }} + {{- with .matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} endpoints: - port: http {{- with .interval }} diff --git a/charts/loki-distributed/values.test.yaml b/charts/loki-distributed/values.test.yaml index 6724161488..b84483f0f2 100644 --- a/charts/loki-distributed/values.test.yaml +++ b/charts/loki-distributed/values.test.yaml @@ -65,3 +65,6 @@ gateway: target: type: Values averageValue: 10k + +serviceMonitor: + enabled: true diff --git a/charts/loki-distributed/values.yaml b/charts/loki-distributed/values.yaml index c7d62a43b2..1852ed6ca9 100644 --- a/charts/loki-distributed/values.yaml +++ b/charts/loki-distributed/values.yaml @@ -283,6 +283,12 @@ serviceMonitor: namespace: null # -- Namespace selector for ServiceMonitor resources namespaceSelector: {} + # -- Optional expressions to match on + matchExpressions: [] + # - key: prometheus.io/service-monitor + # operator: NotIn + # values: + # - "false" # -- ServiceMonitor annotations annotations: {} # -- Additional ServiceMonitor labels From 425a9d193f270e7629f0abd8c658fbe34146957f Mon Sep 17 00:00:00 2001 From: verejoel Date: Tue, 24 Oct 2023 19:01:53 +0200 Subject: [PATCH 006/211] Update docs Signed-off-by: verejoel --- charts/loki-distributed/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 55c12bb72b..61bc0708ac 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -613,6 +613,7 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | serviceMonitor.enabled | bool | `false` | If enabled, ServiceMonitor resources for Prometheus Operator are created | | serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval | | serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | +| serviceMonitor.matchExpressions | list | `[]` | Optional expressions to match on | | serviceMonitor.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint | | serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources | | serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources | From 6ef40588e9682d62cd05a3ecb5c3830fc76dc1d4 Mon Sep 17 00:00:00 2001 From: verejoel Date: Wed, 25 Oct 2023 07:04:17 +0200 Subject: [PATCH 007/211] Revert changes to values.test.yaml Signed-off-by: verejoel --- charts/loki-distributed/values.test.yaml | 67 ------------------------ 1 file changed, 67 deletions(-) diff --git a/charts/loki-distributed/values.test.yaml b/charts/loki-distributed/values.test.yaml index b84483f0f2..1d7a959b30 100644 --- a/charts/loki-distributed/values.test.yaml +++ b/charts/loki-distributed/values.test.yaml @@ -1,70 +1,3 @@ loki: annotations: foo: bar - -ingester: - autoscaling: - enabled: true - customMetrics: - - type: Pods - external: - metric: - name: loki_lines_total - target: - type: AverageValue - averageValue: 10000 - -distributor: - autoscaling: - enabled: true - customMetrics: - - type: Pods - external: - metric: - name: loki_lines_total - target: - type: AverageValue - averageValue: 10000 - -querier: - autoscaling: - enabled: true - customMetrics: - - type: External - external: - metric: - name: loki_inflight_queries - target: - type: AverageValue - averageValue: 12 - -queryFrontend: - autoscaling: - enabled: true - customMetrics: - - type: Pods - pods: - metric: - name: loki_query_rate - target: - type: AverageValue - averageValue: 100 - -gateway: - autoscaling: - enabled: true - customMetrics: - - type: Object - object: - metric: - name: requests-per-second - describedObject: - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: main-route - target: - type: Values - averageValue: 10k - -serviceMonitor: - enabled: true From d079088afff62e3ce906ae94b6410cfb94c3264d Mon Sep 17 00:00:00 2001 From: YuleZ Date: Mon, 13 Nov 2023 12:49:52 +0100 Subject: [PATCH 008/211] mount (and read from) configSecret if config should be handled as secret fixes #2734 Signed-off-by: YuleZ --- charts/grafana/templates/_pod.tpl | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index 466731fcb1..1163369f9a 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -825,26 +825,47 @@ containers: {{- end }} {{- end }} {{- with .Values.datasources }} + {{- $datasources := . }} {{- range (keys . | sortAlpha) }} + {{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handeled as secret */}} + - name: configSecret + mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" + subPath: {{ . | quote }} + {{- else }} - name: config mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" subPath: {{ . | quote }} {{- end }} {{- end }} + {{- end }} {{- with .Values.notifiers }} + {{- $notifiers := . }} {{- range (keys . | sortAlpha) }} + {{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handeled as secret */}} + - name: configSecret + mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" + subPath: {{ . | quote }} + {{- else }} - name: config mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" subPath: {{ . | quote }} {{- end }} {{- end }} + {{- end }} {{- with .Values.alerting }} + {{- $alertingmap := .}} {{- range (keys . | sortAlpha) }} + {{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handeled as secret */}} + - name: configSecret + mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" + subPath: {{ . | quote }} + {{- else }} - name: config mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" subPath: {{ . | quote }} {{- end }} {{- end }} + {{- end }} {{- with .Values.dashboardProviders }} {{- range (keys . | sortAlpha) }} - name: config @@ -1024,6 +1045,12 @@ volumes: - name: config configMap: name: {{ include "grafana.fullname" . }} + {{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}} + {{- if and .Values.createConfigmap $createConfigSecret }} + - name: configSecret + secret: + name: {{ include "grafana.fullname" . }}-config-secret + {{- end }} {{- range .Values.extraConfigmapMounts }} - name: {{ tpl .name $root }} configMap: From 3857abc18f5faccfc3b314d940831e8bd27ae683 Mon Sep 17 00:00:00 2001 From: YuleZ Date: Mon, 13 Nov 2023 12:50:52 +0100 Subject: [PATCH 009/211] bump version Signed-off-by: YuleZ --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 68804675e3..8deb0f2073 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.3 +version: 7.0.4 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From d3e6c3b9e821c91e20c43d08bf766c0bd51419cb Mon Sep 17 00:00:00 2001 From: YuleZ Date: Tue, 14 Nov 2023 15:19:07 +0100 Subject: [PATCH 010/211] bump version Signed-off-by: YuleZ --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8deb0f2073..8823e6f920 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.4 +version: 7.0.5 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From c5acd0cd4c804fab76a4fd3787c6c03e3da8da2e Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Wed, 15 Nov 2023 18:17:40 +0530 Subject: [PATCH 011/211] Added support for loadBalancerClass Signed-off-by: Sheikh-Abubaker --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/service.yaml | 3 +++ charts/grafana/values.yaml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8823e6f920..7f0fccba65 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.5 +version: 7.0.6 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/service.yaml b/charts/grafana/templates/service.yaml index 9102c1eec1..849a466a3e 100644 --- a/charts/grafana/templates/service.yaml +++ b/charts/grafana/templates/service.yaml @@ -25,6 +25,9 @@ spec: {{- with .Values.service.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} + {{- with .Values.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} {{- with .Values.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab259791a0..abb3d37a80 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -197,6 +197,7 @@ gossipPortName: gossip service: enabled: true type: ClusterIP + loadBalancerClass: "" port: 80 targetPort: 3000 # targetPort: 4181 To be used with a proxy extraContainer From 2b7f2997168b184836dfd4164add5fe265fdd6b6 Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 15 Nov 2023 13:46:39 +0100 Subject: [PATCH 012/211] Change initAlerts to initDatasources Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab259791a0..f631394489 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -872,7 +872,7 @@ sidecar: skipReload: false # This is needed if skipReload is true, to load any alerts defined at startup time. # Deploy the alert sidecar as an initContainer. - initAlerts: false + initDatasources: false # Additional alert sidecar volume mounts extraMounts: [] # Sets the size limit of the alert sidecar emptyDir volume From fdcf9692a490d5f58d70c1e392ef96a958e627ee Mon Sep 17 00:00:00 2001 From: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 15 Nov 2023 13:50:40 +0100 Subject: [PATCH 013/211] chore: bump chart version Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 7f0fccba65..4260c7da1d 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.6 +version: 7.0.7 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From c27059e040bc8d858a98061862f84cf1e56bb422 Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Wed, 15 Nov 2023 18:30:04 +0530 Subject: [PATCH 014/211] Bumped Chart Version Signed-off-by: Sheikh-Abubaker --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 7f0fccba65..4260c7da1d 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.6 +version: 7.0.7 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From bdf2541d0889f405a5dc0b9be71f571184af5a83 Mon Sep 17 00:00:00 2001 From: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 15 Nov 2023 15:50:15 +0100 Subject: [PATCH 015/211] Fix README.md Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/README.md | 2 +- charts/grafana/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 81e5360b9f..9f71d05c30 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -174,7 +174,7 @@ need to instead set `global.imageRegistry`. | `sidecar.alerts.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.alerts.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/alerting/reload"` | | `sidecar.alerts.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.alerts.initDatasources` | Set to true to deploy the datasource sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | +| `sidecar.alerts.initAlerts` | Set to true to deploy the alerts sidecar as an initContainer. This is needed if skipReload is true, to load any alerts defined at startup time. | `false` | | `sidecar.alerts.extraMounts` | Additional alerts sidecar volume mounts. | `[]` | | `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | | `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index f631394489..ab259791a0 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -872,7 +872,7 @@ sidecar: skipReload: false # This is needed if skipReload is true, to load any alerts defined at startup time. # Deploy the alert sidecar as an initContainer. - initDatasources: false + initAlerts: false # Additional alert sidecar volume mounts extraMounts: [] # Sets the size limit of the alert sidecar emptyDir volume From a2517e17409755c31feaa05329f94c86d7d5d67e Mon Sep 17 00:00:00 2001 From: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 15 Nov 2023 16:01:31 +0100 Subject: [PATCH 016/211] Updated values.yaml comments to reflect the behavior of sidecar.datasources.initDatasources Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab259791a0..6e23569cf7 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -975,8 +975,8 @@ sidecar: # Absolute path to shell script to execute after a datasource got reloaded script: null skipReload: false - # Deploy the datasource sidecar as an initContainer in addition to a container. # This is needed if skipReload is true, to load any datasources defined at startup time. + # Deploy the datasources sidecar as an initContainer. initDatasources: false # Sets the size limit of the datasource sidecar emptyDir volume sizeLimit: {} From edc1b480ed55c3c07b05dc296794e0d28c7a3c64 Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Thu, 16 Nov 2023 16:50:21 +0530 Subject: [PATCH 017/211] Modified values.yaml Signed-off-by: Sheikh-Abubaker --- charts/grafana/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index abb3d37a80..f891dc424e 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -196,8 +196,10 @@ gossipPortName: gossip ## service: enabled: true - type: ClusterIP + type: LoadBalancer + loadBalancerIP: "" loadBalancerClass: "" + loadBalancerSourceRanges: [] port: 80 targetPort: 3000 # targetPort: 4181 To be used with a proxy extraContainer From 51a8c4cf32e86dda90d6a6e681f1ff1a6fccb699 Mon Sep 17 00:00:00 2001 From: Footur <3769085+Footur@users.noreply.github.com> Date: Tue, 21 Nov 2023 10:40:31 +0100 Subject: [PATCH 018/211] Update Grafana to v10.2.2 Signed-off-by: Footur <3769085+Footur@users.noreply.github.com> --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 73e9400694..cae6f42d66 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.0.8 -appVersion: 10.1.5 +version: 7.0.9 +appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net From 51fd3f80d273e752ac8128fa5973bef0fa1c5490 Mon Sep 17 00:00:00 2001 From: birca Date: Wed, 8 Nov 2023 11:00:02 +0200 Subject: [PATCH 019/211] [grafana] - Add support for templating in ServiceMonitor labels Signed-off-by: birca --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/servicemonitor.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 73e9400694..bce1ea60cf 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.8 +version: 7.0.9 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/servicemonitor.yaml b/charts/grafana/templates/servicemonitor.yaml index 72396828f5..0359013520 100644 --- a/charts/grafana/templates/servicemonitor.yaml +++ b/charts/grafana/templates/servicemonitor.yaml @@ -12,7 +12,7 @@ metadata: labels: {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.serviceMonitor.labels }} - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: endpoints: From de797ae863dcc1df27afc8eda24a2a564bebe644 Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Thu, 26 Oct 2023 09:30:30 +0200 Subject: [PATCH 020/211] use old root to get namespace Signed-off-by: Nagel, Felix --- charts/tempo-distributed/templates/gateway/secret-gateway.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/tempo-distributed/templates/gateway/secret-gateway.yaml b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml index 32c8341983..bfe70c5797 100644 --- a/charts/tempo-distributed/templates/gateway/secret-gateway.yaml +++ b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml @@ -1,3 +1,4 @@ +{{- $root := . -}} {{- $dict := dict "ctx" . "component" "gateway" -}} {{- with .Values.gateway }} {{- if and .enabled .basicAuth.enabled (not .basicAuth.existingSecret) }} @@ -5,7 +6,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "tempo.resourceName" $dict }} - namespace: {{ .Release.Namespace }} + namespace: {{ $root.Release.Namespace }} labels: {{- include "tempo.labels" $dict | nindent 4 }} stringData: From 80e3a9aecba16f087062b9aee6d34ec1293a9ac6 Mon Sep 17 00:00:00 2001 From: kaflake <8384990+kaflake@users.noreply.github.com> Date: Mon, 30 Oct 2023 07:00:02 +0100 Subject: [PATCH 021/211] Update charts/tempo-distributed/templates/gateway/secret-gateway.yaml Co-authored-by: MH Signed-off-by: Nagel, Felix --- charts/tempo-distributed/templates/gateway/secret-gateway.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/templates/gateway/secret-gateway.yaml b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml index bfe70c5797..ed25c43cb7 100644 --- a/charts/tempo-distributed/templates/gateway/secret-gateway.yaml +++ b/charts/tempo-distributed/templates/gateway/secret-gateway.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "tempo.resourceName" $dict }} - namespace: {{ $root.Release.Namespace }} + namespace: {{ $root.Release.Namespace | quote }} labels: {{- include "tempo.labels" $dict | nindent 4 }} stringData: From 2b86ae9e7ad4fb68d4f307f866e4333935bcef64 Mon Sep 17 00:00:00 2001 From: "Nagel, Felix" Date: Mon, 30 Oct 2023 07:04:51 +0100 Subject: [PATCH 022/211] update tempo-distributed version Signed-off-by: Nagel, Felix --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index cdba587c07..7709530728 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.0 +version: 1.7.1 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From c0ff9eb6e1c7571d1337dd517155dc13f142f27d Mon Sep 17 00:00:00 2001 From: MH Date: Fri, 24 Nov 2023 23:37:30 +0800 Subject: [PATCH 023/211] Update README.md Signed-off-by: MH --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index b368afae7c..26c484e3ba 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode From e77c78926d6f54ab741174322b65e9e5f5b940ae Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 29 Nov 2023 07:22:32 +0800 Subject: [PATCH 024/211] Update Chart.yaml Signed-off-by: MH --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 7709530728..723f8b7028 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.1 +version: 1.7.2 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From 5d1fa6d1924f02b054f0ee65100c8e1548be82e3 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 29 Nov 2023 07:22:56 +0800 Subject: [PATCH 025/211] Update README.md Signed-off-by: MH --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index cecbb14328..20ea32d48a 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode From 6664a5dbc7f206121b0d3a97257ffda9c5f470ba Mon Sep 17 00:00:00 2001 From: YuleZ Date: Wed, 29 Nov 2023 09:41:00 +0100 Subject: [PATCH 026/211] bump version Signed-off-by: YuleZ --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index bce1ea60cf..9966972b60 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.9 +version: 7.0.10 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From c0dfff7dbd199b5ff72f4c9b7384525312db3033 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 29 Nov 2023 18:06:42 +0800 Subject: [PATCH 027/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index bce1ea60cf..38b3131cb4 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.9 +version: 7.0.11 appVersion: 10.1.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 56381b02c603ee274f3374a0aedab5004cd4df73 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 29 Nov 2023 19:03:38 +0800 Subject: [PATCH 028/211] Update charts/grafana/Chart.yaml Co-authored-by: Mike Klebolt --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index cae6f42d66..775886d1d3 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.9 +version: 7.0.10 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 6c2a40e1d9a47666be50502c5d8f20444b76f643 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 29 Nov 2023 19:05:16 +0800 Subject: [PATCH 029/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 775886d1d3..cf42779349 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.10 +version: 7.0.11 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 9464f58b3daebe2392c7ac6e82bbd6e99e0480f4 Mon Sep 17 00:00:00 2001 From: junya koyama Date: Thu, 30 Nov 2023 22:44:32 +0900 Subject: [PATCH 030/211] [grafana] fix Chart.yaml - update homepage and icon Signed-off-by: junya koyama --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index cf42779349..70b056c86e 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -4,8 +4,8 @@ version: 7.0.11 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. -home: https://grafana.net -icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +home: https://grafana.com +icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116 sources: - https://github.com/grafana/grafana - https://github.com/grafana/helm-charts From 3b1855013b7b42562f89ef5e3e8a1c4abe4a2c2b Mon Sep 17 00:00:00 2001 From: junya koyama Date: Thu, 30 Nov 2023 22:46:34 +0900 Subject: [PATCH 031/211] [grafana] bump chart version Signed-off-by: junya koyama --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 70b056c86e..57bac07a29 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.11 +version: 7.0.12 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 4ea217b5a07ac52912c2c079f4d039c0032cc1f8 Mon Sep 17 00:00:00 2001 From: junya koyama Date: Thu, 30 Nov 2023 23:01:42 +0900 Subject: [PATCH 032/211] [lgtm-distributed] fix Chart.yaml - add license annotations and keywords Signed-off-by: junya koyama --- charts/lgtm-distributed/Chart.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/lgtm-distributed/Chart.yaml b/charts/lgtm-distributed/Chart.yaml index 38f6458e6a..3cc119e172 100644 --- a/charts/lgtm-distributed/Chart.yaml +++ b/charts/lgtm-distributed/Chart.yaml @@ -16,7 +16,14 @@ sources: - https://github.com/grafana/mimir - https://github.com/grafana/tempo +keywords: + - monitoring + - traces + - metrics + - logs + annotations: + "artifacthub.io/license": AGPL-3.0-only "artifacthub.io/links": | - name: Chart Source url: https://github.com/grafana/helm-charts From 2662e62c193f9c46e2e19b77ea9cc7735a40ebb1 Mon Sep 17 00:00:00 2001 From: junya koyama Date: Thu, 30 Nov 2023 23:02:55 +0900 Subject: [PATCH 033/211] [lgtm-distributed] bump chart version Signed-off-by: junya koyama --- charts/lgtm-distributed/Chart.yaml | 2 +- charts/lgtm-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/lgtm-distributed/Chart.yaml b/charts/lgtm-distributed/Chart.yaml index 3cc119e172..2869ffd7d6 100644 --- a/charts/lgtm-distributed/Chart.yaml +++ b/charts/lgtm-distributed/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v2 name: lgtm-distributed description: Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack type: application -version: 1.0.0 +version: 1.0.1 appVersion: "6.59.4" home: https://grafana.com/oss/ diff --git a/charts/lgtm-distributed/README.md b/charts/lgtm-distributed/README.md index f8af897372..76c4bae8db 100644 --- a/charts/lgtm-distributed/README.md +++ b/charts/lgtm-distributed/README.md @@ -1,6 +1,6 @@ # lgtm-distributed -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.59.4](https://img.shields.io/badge/AppVersion-6.59.4-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.59.4](https://img.shields.io/badge/AppVersion-6.59.4-informational?style=flat-square) Umbrella chart for a distributed Loki, Grafana, Tempo and Mimir stack From 86e3a97f536d8a583329e3d28b868bad69e65939 Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Thu, 30 Nov 2023 10:29:51 -0500 Subject: [PATCH 034/211] [agent-operator] bump to Grafana Agent v0.38.1 (#2812) Signed-off-by: Robert Fratto --- charts/agent-operator/Chart.yaml | 4 ++-- charts/agent-operator/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 7c81dd9d96..d5804d26a1 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.11 -appVersion: "0.38.0" +version: 0.3.12 +appVersion: "0.38.1" home: https://grafana.com/docs/agent/v0.38/ icon: https://raw.githubusercontent.com/grafana/agent/v0.38.0/docs/sources/assets/logo_and_name.png sources: diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index ada81befc3..d8cf46b82a 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.11](https://img.shields.io/badge/Version-0.3.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.38.0](https://img.shields.io/badge/AppVersion-0.38.0-informational?style=flat-square) +![Version: 0.3.12](https://img.shields.io/badge/Version-0.3.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.38.1](https://img.shields.io/badge/AppVersion-0.38.1-informational?style=flat-square) A Helm chart for Grafana Agent Operator From a4f3e03710cd2cbccc145d77562890f213f4cfa7 Mon Sep 17 00:00:00 2001 From: James Geisler Date: Thu, 30 Nov 2023 12:13:59 -0600 Subject: [PATCH 035/211] add statefulset for metrics generator and add traces_storage config Signed-off-by: James Geisler --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 10 +- .../deployment-metrics-generator.yaml | 2 +- .../statefulset-metrics-generator.yaml | 157 ++++++++++++++++++ charts/tempo-distributed/values.yaml | 20 +++ 5 files changed, 187 insertions(+), 4 deletions(-) create mode 100644 charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 7709530728..e55c2f18eb 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.1 +version: 1.8.0 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index cecbb14328..689ae423c2 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -560,10 +560,11 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.annotations | object | `{}` | Annotations for the metrics-generator StatefulSet | | metricsGenerator.appProtocol | object | `{"grpc":null}` | Adds the appProtocol field to the metricsGenerator service. This allows metricsGenerator to work with istio protocol selection. | | metricsGenerator.appProtocol.grpc | string | `nil` | Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" | -| metricsGenerator.config | object | `{"metrics_ingestion_time_range_slack":"30s","processor":{"service_graphs":{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10},"span_metrics":{"dimensions":[],"histogram_buckets":[0.002,0.004,0.008,0.016,0.032,0.064,0.128,0.256,0.512,1.02,2.05,4.1]}},"registry":{"collection_interval":"15s","external_labels":{},"stale_duration":"15m"},"storage":{"path":"/var/tempo/wal","remote_write":[],"remote_write_flush_deadline":"1m","wal":null}}` | More information on configuration: https://grafana.com/docs/tempo/latest/configuration/#metrics-generator | +| metricsGenerator.config | object | `{"metrics_ingestion_time_range_slack":"30s","processor":{"service_graphs":{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10},"span_metrics":{"dimensions":[],"histogram_buckets":[0.002,0.004,0.008,0.016,0.032,0.064,0.128,0.256,0.512,1.02,2.05,4.1]}},"registry":{"collection_interval":"15s","external_labels":{},"stale_duration":"15m"},"storage":{"path":"/var/tempo/wal","remote_write":[],"remote_write_flush_deadline":"1m","wal":null},"traces_storage":{"path":"/var/tempo/traces"}}` | More information on configuration: https://grafana.com/docs/tempo/latest/configuration/#metrics-generator | | metricsGenerator.config.processor.service_graphs.dimensions | list | `[]` | resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.processor.span_metrics.dimensions | list | `[]` | Dimensions are searched for in the resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.storage.remote_write | list | `[]` | https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write | +| metricsGenerator.config.traces_storage | object | `{"path":"/var/tempo/traces"}` | Used by the local blocks processor to store a wal for traces. | | metricsGenerator.enabled | bool | `false` | Specifies whether a metrics-generator should be deployed | | metricsGenerator.extraArgs | list | `[]` | Additional CLI args for the metrics-generator | | metricsGenerator.extraEnv | list | `[]` | Environment variables to add to the metrics-generator pods | @@ -575,7 +576,12 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.image.registry | string | `nil` | The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` | | metricsGenerator.image.repository | string | `nil` | Docker image repository for the metrics-generator image. Overrides `tempo.image.repository` | | metricsGenerator.image.tag | string | `nil` | Docker image tag for the metrics-generator image. Overrides `tempo.image.tag` | +| metricsGenerator.kind | string | `"Deployment"` | Kind of deployment [StatefulSet/Deployment] | | metricsGenerator.nodeSelector | object | `{}` | Node selector for metrics-generator pods | +| metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | +| metricsGenerator.persistence.annotations | object | `{}` | Annotations for metrics generator PVCs | +| metricsGenerator.persistence.enabled | bool | `false` | Enable creating PVCs if you have kind set to StatefulSet. This disables using local disk or memory configured in walEmptyDir | +| metricsGenerator.persistence.storageClass | string | `nil` | Storage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). | | metricsGenerator.podAnnotations | object | `{}` | Annotations for metrics-generator pods | | metricsGenerator.podLabels | object | `{}` | Labels for metrics-generator pods | | metricsGenerator.ports | list | `[{"name":"grpc","port":9095,"service":true},{"name":"http-memberlist","port":7946,"service":false},{"name":"http-metrics","port":3100,"service":true}]` | Default ports | diff --git a/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml index 0dd7d7159a..ed1cd3f228 100644 --- a/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml +++ b/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml @@ -1,4 +1,4 @@ -{{- if .Values.metricsGenerator.enabled }} +{{- if and (.Values.metricsGenerator.enabled) (eq .Values.metricsGenerator.kind "Deployment") }} {{ $dict := dict "ctx" . "component" "metrics-generator" "memberlist" true }} apiVersion: apps/v1 kind: Deployment diff --git a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml new file mode 100644 index 0000000000..286e68c37e --- /dev/null +++ b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml @@ -0,0 +1,157 @@ +{{- if and (.Values.metricsGenerator.enabled) (eq .Values.metricsGenerator.kind "StatefulSet") }} +{{ $dict := dict "ctx" . "component" "metrics-generator" "memberlist" true }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "tempo.resourceName" $dict }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "tempo.labels" $dict | nindent 4 }} + {{- with .Values.metricsGenerator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + minReadySeconds: 10 + replicas: {{ .Values.metricsGenerator.replicas }} + revisionHistoryLimit: 10 + podManagementPolicy: Parallel + updateStrategy: + rollingUpdate: + partition: 0 + selector: + matchLabels: + {{- include "tempo.selectorLabels" $dict | nindent 6 }} + template: + metadata: + labels: + {{- include "tempo.podLabels" $dict | nindent 8 }} + {{- with .Values.tempo.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap-tempo.yaml") . | sha256sum }} + {{- with .Values.tempo.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if or (.Values.metricsGenerator.priorityClassName) (.Values.global.priorityClassName) }} + priorityClassName: {{ default .Values.metricsGenerator.priorityClassName .Values.global.priorityClassName }} + {{- end }} + serviceAccountName: {{ include "tempo.serviceAccountName" . }} + {{- with .Values.tempo.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + enableServiceLinks: false + {{- include "tempo.metricsGeneratorImagePullSecrets" . | nindent 6 -}} + {{- with .Values.metricsGenerator.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - args: + - -target=metrics-generator + - -config.file=/conf/tempo.yaml + - -mem-ballast-size-mbs=1024 + {{- with .Values.metricsGenerator.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + image: {{ include "tempo.imageReference" $dict }} + imagePullPolicy: {{ .Values.tempo.image.pullPolicy }} + name: metrics-generator + ports: + {{- range .Values.metricsGenerator.ports }} + - name: {{ .name | quote }} + containerPort: {{ .port }} + {{- end }} + {{- with .Values.metricsGenerator.extraEnv }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.metricsGenerator.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + readinessProbe: + {{- toYaml .Values.tempo.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.metricsGenerator.resources | nindent 12 }} + {{- with .Values.tempo.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /conf + name: config + - mountPath: /runtime-config + name: runtime-config + - mountPath: /var/tempo + name: wal + {{- if .Values.enterprise.enabled }} + - name: license + mountPath: /license + {{- end }} + {{- with .Values.metricsGenerator.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.metricsGenerator.terminationGracePeriodSeconds }} + {{- if semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version }} + {{- with .Values.metricsGenerator.topologySpreadConstraints }} + topologySpreadConstraints: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.metricsGenerator.affinity }} + affinity: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: config + {{- include "tempo.configVolume" . | nindent 10 }} + - name: runtime-config + {{- include "tempo.runtimeVolume" . | nindent 10 }} + {{- if .Values.enterprise.enabled }} + - name: license + secret: + secretName: {{ tpl .Values.license.secretName . }} + {{- end }} + {{- with .Values.metricsGenerator.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if not .Values.metricsGenerator.persistence.enabled }} + - name: wal + emptyDir: {{- toYaml .Values.metricsGenerator.walEmptyDir | nindent 12 }} + {{- else }} + volumeClaimTemplates: + - metadata: + {{- with .Values.metricsGenerator.persistence.annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} + name: wal + spec: + accessModes: + - ReadWriteOnce + {{- with .Values.metricsGenerator.persistence.storageClass }} + storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} + {{- end }} + resources: + requests: + storage: {{ .Values.metricsGenerator.persistence.size | quote }} + {{- end }} +{{- end }} diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 7306f6dff7..589aff58f2 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -228,6 +228,8 @@ ingester: metricsGenerator: # -- Specifies whether a metrics-generator should be deployed enabled: false + # -- Kind of deployment [StatefulSet/Deployment] + kind: Deployment # -- Annotations for the metrics-generator StatefulSet annotations: {} # -- Number of replicas for the metrics-generator @@ -293,6 +295,19 @@ metricsGenerator: nodeSelector: {} # -- Tolerations for metrics-generator pods tolerations: [] + # -- Persistence configuration for metrics-generator + persistence: + # -- Enable creating PVCs if you have kind set to StatefulSet. This disables using local disk or memory configured in walEmptyDir + enabled: false + size: 10Gi + # -- Storage class to be used. + # If defined, storageClassName: . + # If set to "-", storageClassName: "", which disables dynamic provisioning. + # If empty or set to null, no storageClassName spec is + # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). + storageClass: null + # -- Annotations for metrics generator PVCs + annotations: {} # -- The EmptyDir location where the /var/tempo will be mounted on. Defaults to local disk, can be set to memory. walEmptyDir: {} ## Here shows how to configure 1Gi memory as emptyDir. @@ -341,6 +356,9 @@ metricsGenerator: # -- A list of remote write endpoints. # -- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write remote_write: [] + # -- Used by the local blocks processor to store a wal for traces. + traces_storage: + path: /var/tempo/traces metrics_ingestion_time_range_slack: 30s service: # -- Annotations for Metrics Generator service @@ -1090,6 +1108,8 @@ config: | {{- toYaml .Values.metricsGenerator.config.processor | nindent 6 }} storage: {{- toYaml .Values.metricsGenerator.config.storage | nindent 6 }} + traces_storage: + {{- toYaml .Values.metricsGenerator.config.traces_storage | nindent 6 }} registry: {{- toYaml .Values.metricsGenerator.config.registry | nindent 6 }} metrics_ingestion_time_range_slack: {{ .Values.metricsGenerator.config.metrics_ingestion_time_range_slack }} From fc3ed8d755bc542a1f97a76add4643a66617348b Mon Sep 17 00:00:00 2001 From: sunrabbit123 Date: Fri, 1 Dec 2023 15:20:33 +0900 Subject: [PATCH 036/211] [tempo] bump to Tempo v2.3.1 Signed-off-by: sunrabbit123 --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/README.md | 2 +- charts/tempo/Chart.yaml | 4 ++-- charts/tempo/README.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 7709530728..731e7ecd44 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.1 -appVersion: 2.3.0 +version: 1.7.2 +appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index cecbb14328..f7f354cf61 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode diff --git a/charts/tempo/Chart.yaml b/charts/tempo/Chart.yaml index 9830b9988b..104e2126c5 100644 --- a/charts/tempo/Chart.yaml +++ b/charts/tempo/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo description: Grafana Tempo Single Binary Mode type: application -version: 1.7.1 -appVersion: 2.3.0 +version: 1.7.2 +appVersion: 2.3.1 engine: gotpl home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo/README.md b/charts/tempo/README.md index f2db7c95b8..9e61f7a23b 100644 --- a/charts/tempo/README.md +++ b/charts/tempo/README.md @@ -1,6 +1,6 @@ # tempo -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo Single Binary Mode From 0f9272baf4da342a320d028172a215161dce642e Mon Sep 17 00:00:00 2001 From: YuleZ Date: Fri, 1 Dec 2023 14:56:38 +0100 Subject: [PATCH 037/211] fix typos Signed-off-by: YuleZ --- charts/grafana/templates/_pod.tpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index a4d5efc95e..f4b9fd36f1 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -901,7 +901,7 @@ containers: {{- $datasources := . }} {{- range (keys . | sortAlpha) }} {{- if (or (hasKey (index $datasources .) "secret")) }} {{/*check if current datasource should be handeled as secret */}} - - name: configSecret + - name: config-secret mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" subPath: {{ . | quote }} {{- else }} @@ -915,7 +915,7 @@ containers: {{- $notifiers := . }} {{- range (keys . | sortAlpha) }} {{- if (or (hasKey (index $notifiers .) "secret")) }} {{/*check if current notifier should be handeled as secret */}} - - name: configSecret + - name: config-secret mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" subPath: {{ . | quote }} {{- else }} @@ -929,7 +929,7 @@ containers: {{- $alertingmap := .}} {{- range (keys . | sortAlpha) }} {{- if (or (hasKey (index $.Values.alerting .) "secret") (hasKey (index $.Values.alerting .) "secretFile")) }} {{/*check if current alerting entry should be handeled as secret */}} - - name: configSecret + - name: config-secret mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" subPath: {{ . | quote }} {{- else }} @@ -1120,9 +1120,9 @@ volumes: name: {{ include "grafana.fullname" . }} {{- $createConfigSecret := eq (include "grafana.shouldCreateConfigSecret" .) "true" -}} {{- if and .Values.createConfigmap $createConfigSecret }} - - name: configSecret + - name: config-secret secret: - name: {{ include "grafana.fullname" . }}-config-secret + secretName: {{ include "grafana.fullname" . }}-config-secret {{- end }} {{- range .Values.extraConfigmapMounts }} - name: {{ tpl .name $root }} From dfbfa1af7205b3945053fa069d025ff27e031486 Mon Sep 17 00:00:00 2001 From: YuleZ Date: Fri, 1 Dec 2023 14:57:05 +0100 Subject: [PATCH 038/211] bump version Signed-off-by: YuleZ --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 57bac07a29..387f2ab423 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.12 +version: 7.0.13 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From c542c04eabc91afc6da7fb5344f78faebba69ab2 Mon Sep 17 00:00:00 2001 From: sunrabbit123 Date: Sun, 3 Dec 2023 02:17:30 +0900 Subject: [PATCH 039/211] fix: separte pr Signed-off-by: sunrabbit123 --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 731e7ecd44..cdba587c07 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.2 -appVersion: 2.3.1 +version: 1.7.0 +appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index f7f354cf61..cecbb14328 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode From 6d954fc672afe7480477e8082dd26dd3820e7144 Mon Sep 17 00:00:00 2001 From: sunrabbit123 Date: Sun, 3 Dec 2023 02:18:27 +0900 Subject: [PATCH 040/211] revert: tempo-distributed chart version Signed-off-by: sunrabbit123 --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index cdba587c07..7709530728 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.0 +version: 1.7.1 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From 52c2ceb2658567f0c7644d5fb40bd7658b2473e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20Austerm=C3=BChle?= Date: Tue, 5 Dec 2023 22:20:20 +0100 Subject: [PATCH 041/211] Document extraVolumes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.com/grafana/helm-charts/commit/dbf7b82e21390d3a137d51898a1f1489f1eec8c2 and https://github.com/grafana/helm-charts/issues/2777 Signed-off-by: Stephan Austermühle --- charts/grafana/README.md | 24 ++++++++++++++++++------ charts/grafana/templates/_pod.tpl | 7 +++---- charts/grafana/values.yaml | 13 +++++++++---- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 5420545e51..77abbed147 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -48,7 +48,7 @@ This version requires Helm >= 3.1.0. ### To 7.0.0 -For consistency with other Helm charts, the `global.image.registry` parameter was renamed +For consistency with other Helm charts, the `global.image.registry` parameter was renamed to `global.imageRegistry`. If you were not previously setting `global.image.registry`, no action is required on upgrade. If you were previously setting `global.image.registry`, you will need to instead set `global.imageRegistry`. @@ -136,6 +136,7 @@ need to instead set `global.imageRegistry`. | `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraVolumes` | Additional Grafana server volumes | `[]` | | `createConfigmap` | Enable creating the grafana configmap | `true` | | `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | @@ -315,24 +316,35 @@ ingress: path: "/grafana" ``` -### Example of extraVolumeMounts +### Example of extraVolumeMounts and extraVolumes -Volume can be type persistentVolumeClaim or hostPath but not both at same time. -If neither existingClaim or hostPath argument is given then type is emptyDir. +Configure additional volumes with `extraVolumes` and volume mounts with `extraVolumeMounts`. + +Example for `extraVolumeMounts` and corresponding `extraVolumes`: ```yaml -- extraVolumeMounts: +extraVolumeMounts: - name: plugins mountPath: /var/lib/grafana/plugins subPath: configs/grafana/plugins - existingClaim: existing-grafana-claim readOnly: false - name: dashboards mountPath: /var/lib/grafana/dashboards hostPath: /usr/shared/grafana/dashboards readOnly: false + +extraVolumes: + - name: plugins + existingClaim: existing-grafana-claim + - name: dashboards + hostPath: /usr/shared/grafana/dashboards ``` +Volumes default to `emptyDir`. Set to `persistentVolumeClaim`, +`hostPath`, `csi`, or `configMap` for other types. For a +`persistentVolumeClaim`, specify an existing claim name with +`existingClaim`. + ## Import dashboards There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index f4b9fd36f1..ae9fd7d1d1 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -169,7 +169,7 @@ initContainers: mountPath: "/etc/grafana/provisioning/alerting" {{- with .Values.sidecar.alerts.extraMounts }} {{- toYaml . | trim | nindent 6 }} - {{- end }} + {{- end }} {{- end }} {{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} - name: {{ include "grafana.name" . }}-init-sc-datasources @@ -411,7 +411,7 @@ containers: mountPath: "/etc/grafana/provisioning/alerting" {{- with .Values.sidecar.alerts.extraMounts }} {{- toYaml . | trim | nindent 6 }} - {{- end }} + {{- end }} {{- end}} {{- if .Values.sidecar.dashboards.enabled }} - name: {{ include "grafana.name" . }}-sc-dashboard @@ -1257,7 +1257,7 @@ volumes: {{ toYaml .hostPath | nindent 6 }} {{- else if .csi }} csi: - {{- toYaml .data | nindent 6 }} + {{- toYaml .csi | nindent 6 }} {{- else if .configMap }} configMap: {{- toYaml .configMap | nindent 6 }} @@ -1273,4 +1273,3 @@ volumes: {{- tpl (toYaml .) $root | nindent 2 }} {{- end }} {{- end }} - diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 07502cc5ae..52638c0b0e 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -530,15 +530,20 @@ extraVolumeMounts: [] # - name: extra-volume-0 # mountPath: /mnt/volume0 # readOnly: true - # existingClaim: volume-claim # - name: extra-volume-1 # mountPath: /mnt/volume1 # readOnly: true - # hostPath: /usr/shared/ # - name: grafana-secrets # mountPath: /mnt/volume2 - # csi: true - # data: + +## Additional Grafana server volumes +extraVolumes: [] + # - name: extra-volume-0 + # existingClaim: volume-claim + # - name: extra-volume-1 + # hostPath: /usr/shared/ + # - name: grafana-secrets + # csi: # driver: secrets-store.csi.k8s.io # readOnly: true # volumeAttributes: From abea13cc477bbb9c582d4e68091eb87daf829dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20Austerm=C3=BChle?= Date: Wed, 6 Dec 2023 11:46:41 +0100 Subject: [PATCH 042/211] Bump grafana chart version to v7.0.14 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stephan Austermühle --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 387f2ab423..adf084f288 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.13 +version: 7.0.14 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 8d3e3945eb3f5abaf9b5c6828a58ceba249040dd Mon Sep 17 00:00:00 2001 From: Davenury Date: Fri, 8 Dec 2023 07:05:53 +0100 Subject: [PATCH 043/211] add a comment about enabling metrics generator processors in helm chart Signed-off-by: Davenury --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/values.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 7709530728..723f8b7028 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.1 +version: 1.7.2 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 7306f6dff7..b9fe43feb6 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -321,6 +321,7 @@ metricsGenerator: external_labels: {} stale_duration: 15m processor: + # -- For processors to be enabled and generate metrics, pass the names of the processors to overrides.metrics_generator_processors value like [service-graphs, span-metrics] service_graphs: # -- Additional dimensions to add to the metrics. Dimensions are searched for in the # -- resource and span attributes and are added to the metrics if present. @@ -1322,6 +1323,7 @@ storage: # Global overrides global_overrides: per_tenant_override_config: /runtime-config/overrides.yaml + # -- List of enabled metrics generator processors ([service-graphs, span-metrics]) metrics_generator_processors: [] # Per tenants overrides From be76106a67891795194c4b2f320d8d19b1a7ac89 Mon Sep 17 00:00:00 2001 From: Michel Hollands <42814411+MichelHollands@users.noreply.github.com> Date: Fri, 8 Dec 2023 14:54:47 +0000 Subject: [PATCH 044/211] Remove the deprecated minio chart (#2828) Signed-off-by: Michel Hollands --- .github/workflows/update-helm-repo.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/update-helm-repo.yaml b/.github/workflows/update-helm-repo.yaml index 75c1be27b3..8382c1f231 100644 --- a/.github/workflows/update-helm-repo.yaml +++ b/.github/workflows/update-helm-repo.yaml @@ -154,7 +154,6 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add bitnami-pre-2022 https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami helm repo add hashicorp https://helm.releases.hashicorp.com - helm repo add minio https://helm.min.io helm repo add minio-new https://charts.min.io helm repo add jetstack https://charts.jetstack.io helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx From 29d076230df4b04cd915754b3da4438b8966aeea Mon Sep 17 00:00:00 2001 From: Michel Hollands Date: Fri, 8 Dec 2023 15:14:17 +0000 Subject: [PATCH 045/211] Remove old minio from release workflow Signed-off-by: Michel Hollands --- .github/workflows/release.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index da732c31da..800c0a59b9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -36,7 +36,6 @@ jobs: helm repo add prometheus https://prometheus-community.github.io/helm-charts helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add hashicorp https://helm.releases.hashicorp.com - helm repo add minio https://helm.min.io helm repo add minio-new https://charts.min.io - name: Run chart-releaser From 630a5f82946c072e35e730990081c34d5e42550a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sun, 10 Dec 2023 10:17:55 +0100 Subject: [PATCH 046/211] promtail: Optimize config checksum MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/promtail/Chart.yaml | 2 +- charts/promtail/README.md | 2 +- charts/promtail/templates/_pod.tpl | 6 +----- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/charts/promtail/Chart.yaml b/charts/promtail/Chart.yaml index 555eb23705..e938d73a70 100644 --- a/charts/promtail/Chart.yaml +++ b/charts/promtail/Chart.yaml @@ -3,7 +3,7 @@ name: promtail description: Promtail is an agent which ships the contents of local logs to a Loki instance type: application appVersion: 2.9.2 -version: 6.15.3 +version: 6.15.4 home: https://grafana.com/loki sources: - https://github.com/grafana/loki diff --git a/charts/promtail/README.md b/charts/promtail/README.md index 03799f9463..a2913c858c 100644 --- a/charts/promtail/README.md +++ b/charts/promtail/README.md @@ -1,6 +1,6 @@ # promtail -![Version: 6.15.3](https://img.shields.io/badge/Version-6.15.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 6.15.4](https://img.shields.io/badge/Version-6.15.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) Promtail is an agent which ships the contents of local logs to a Loki instance diff --git a/charts/promtail/templates/_pod.tpl b/charts/promtail/templates/_pod.tpl index 7581afc297..3a366a599f 100644 --- a/charts/promtail/templates/_pod.tpl +++ b/charts/promtail/templates/_pod.tpl @@ -10,11 +10,7 @@ metadata: {{- end }} annotations: {{- if not .Values.sidecar.configReloader.enabled }} - {{- if not .Values.configmap.enabled }} - checksum/config: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} - {{- else }} - checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} + checksum/config: {{ tpl .Values.config.file . | sha256sum }} {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 4 }} From f3749bde240db75fd8f9a9b0e433903aecd3a663 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sat, 9 Dec 2023 23:57:19 +0100 Subject: [PATCH 047/211] Optimize checksum calculation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/_config.tpl | 170 ++++++++++++++++++ .../configmap-dashboard-provider.yaml | 16 +- charts/grafana/templates/configmap.yaml | 131 +------------- charts/grafana/templates/deployment.yaml | 10 +- charts/grafana/templates/secret.yaml | 12 +- 6 files changed, 180 insertions(+), 161 deletions(-) create mode 100644 charts/grafana/templates/_config.tpl diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 387f2ab423..adf084f288 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.13 +version: 7.0.14 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/_config.tpl b/charts/grafana/templates/_config.tpl new file mode 100644 index 0000000000..face210934 --- /dev/null +++ b/charts/grafana/templates/_config.tpl @@ -0,0 +1,170 @@ +{{/* + Generate config map data + */}} +{{- define "grafana.configData" -}} +{{- $files := .Files }} +{{- $root := . -}} +{{- with .Values.plugins }} +plugins: {{ join "," . }} +{{- end }} +grafana.ini: | +{{- range $elem, $elemVal := index .Values "grafana.ini" }} + {{- if not (kindIs "map" $elemVal) }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} +{{- end }} +{{- range $key, $value := index .Values "grafana.ini" }} + {{- if kindIs "map" $value }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} + +{{- range $key, $value := .Values.datasources }} +{{- if not (hasKey $value "secret") }} +{{ $key }}: | + {{- tpl (toYaml $value | nindent 2) $root }} +{{- end }} +{{- end }} + +{{- range $key, $value := .Values.notifiers }} +{{- if not (hasKey $value "secret") }} +{{ $key }}: | + {{- toYaml $value | nindent 2 }} +{{- end }} +{{- end }} + +{{- range $key, $value := .Values.alerting }} +{{- if (hasKey $value "file") }} +{{ $key }}: +{{- toYaml ( $files.Get $value.file ) | nindent 2 }} +{{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}} +{{/* will be stored inside secret generated by "configSecret.yaml"*/}} +{{- else }} +{{ $key }}: | + {{- tpl (toYaml $value | nindent 2) $root }} +{{- end }} +{{- end }} + +{{- range $key, $value := .Values.dashboardProviders }} +{{ $key }}: | + {{- toYaml $value | nindent 2 }} +{{- end }} + +{{- if .Values.dashboards }} +download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} +{{ $dashboardProviders := .Values.dashboardProviders }} +{{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + {{- if not $value.acceptHeader }} + -H "Accept: application/json" \ + {{- else }} + -H "Accept: {{ $value.acceptHeader }}" \ + {{- end }} + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + {{- if $value.bearerToken }} + -H "Authorization: Bearer {{ $value.bearerToken }}" \ + {{- end }} + {{- if $value.basic }} + -H "Authorization: Basic {{ $value.basic }}" \ + {{- end }} + {{- if $value.gitlabToken }} + -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{- end }} + {{- $dpPath := "" -}} + {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }} + {{- if eq $kd.name $provider }} + {{- $dpPath = $kd.options.path }} + {{- end }} + {{- end }} + {{- if $value.url }} + "{{ $value.url }}" \ + {{- else }} + "https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \ + {{- end }} + {{- if $value.datasource }} + {{- if kindIs "string" $value.datasource }} + | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \ + {{- end }} + {{- if kindIs "slice" $value.datasource }} + {{- range $value.datasource }} + | sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \ + {{- end }} + {{- end }} + {{- end }} + {{- if $value.b64content }} + | base64 -d \ + {{- end }} + > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" + {{ end }} + {{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + Generate dashboard json config map data + */}} +{{- define "grafana.configDashboardProviderData" -}} +provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end }} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end -}} + +{{- define "grafana.secretsData" -}} +{{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} +admin-user: {{ .Values.adminUser | b64enc | quote }} +{{- if .Values.adminPassword }} +admin-password: {{ .Values.adminPassword | b64enc | quote }} +{{- else }} +admin-password: {{ include "grafana.password" . }} +{{- end }} +{{- end }} +{{- if not .Values.ldap.existingSecret }} +ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} +{{- end }} +{{- end -}} diff --git a/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/grafana/templates/configmap-dashboard-provider.yaml index 1f706a8bbf..b412c4d1f0 100644 --- a/charts/grafana/templates/configmap-dashboard-provider.yaml +++ b/charts/grafana/templates/configmap-dashboard-provider.yaml @@ -11,19 +11,5 @@ metadata: name: {{ include "grafana.fullname" . }}-config-dashboards namespace: {{ include "grafana.namespace" . }} data: - provider.yaml: |- - apiVersion: 1 - providers: - - name: '{{ .Values.sidecar.dashboards.provider.name }}' - orgId: {{ .Values.sidecar.dashboards.provider.orgid }} - {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - folder: '{{ .Values.sidecar.dashboards.provider.folder }}' - {{- end }} - type: {{ .Values.sidecar.dashboards.provider.type }} - disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} - allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} - updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} - options: - foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} + {{- include "grafana.configDashboardProviderData" . | nindent 2 }} {{- end }} diff --git a/charts/grafana/templates/configmap.yaml b/charts/grafana/templates/configmap.yaml index 7b837d90b1..7d7428be51 100644 --- a/charts/grafana/templates/configmap.yaml +++ b/charts/grafana/templates/configmap.yaml @@ -1,6 +1,4 @@ {{- if .Values.createConfigmap }} -{{- $files := .Files }} -{{- $root := . -}} apiVersion: v1 kind: ConfigMap metadata: @@ -13,132 +11,5 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} data: - {{- with .Values.plugins }} - plugins: {{ join "," . }} - {{- end }} - grafana.ini: | - {{- range $elem, $elemVal := index .Values "grafana.ini" }} - {{- if not (kindIs "map" $elemVal) }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} - {{- end }} - {{- range $key, $value := index .Values "grafana.ini" }} - {{- if kindIs "map" $value }} - [{{ $key }}] - {{- range $elem, $elemVal := $value }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.datasources }} - {{- if not (hasKey $value "secret") }} - {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.notifiers }} - {{- if not (hasKey $value "secret") }} - {{- $key | nindent 2 }}: | - {{- toYaml $value | nindent 4 }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.alerting }} - {{- if (hasKey $value "file") }} - {{- $key | nindent 2 }}: - {{- toYaml ( $files.Get $value.file ) | nindent 4}} - {{- else if (or (hasKey $value "secret") (hasKey $value "secretFile"))}} - {{/* will be stored inside secret generated by "configSecret.yaml"*/}} - {{- else }} - {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} - {{- end }} - {{- end }} - - {{- range $key, $value := .Values.dashboardProviders }} - {{- $key | nindent 2 }}: | - {{- toYaml $value | nindent 4 }} - {{- end }} - -{{- if .Values.dashboards }} - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{- range $value.providers }} - mkdir -p {{ .options.path }} - {{- end }} - {{- end }} - {{- end }} - {{ $dashboardProviders := .Values.dashboardProviders }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - {{- if not $value.b64content }} - {{- if not $value.acceptHeader }} - -H "Accept: application/json" \ - {{- else }} - -H "Accept: {{ $value.acceptHeader }}" \ - {{- end }} - {{- if $value.token }} - -H "Authorization: token {{ $value.token }}" \ - {{- end }} - {{- if $value.bearerToken }} - -H "Authorization: Bearer {{ $value.bearerToken }}" \ - {{- end }} - {{- if $value.basic }} - -H "Authorization: Basic {{ $value.basic }}" \ - {{- end }} - {{- if $value.gitlabToken }} - -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \ - {{- end }} - -H "Content-Type: application/json;charset=UTF-8" \ - {{- end }} - {{- $dpPath := "" -}} - {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers }} - {{- if eq $kd.name $provider }} - {{- $dpPath = $kd.options.path }} - {{- end }} - {{- end }} - {{- if $value.url }} - "{{ $value.url }}" \ - {{- else }} - "https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download" \ - {{- end }} - {{- if $value.datasource }} - {{- if kindIs "string" $value.datasource }} - | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g' \ - {{- end }} - {{- if kindIs "slice" $value.datasource }} - {{- range $value.datasource }} - | sed '/-- .* --/! s/${{"{"}}{{ .name }}}/{{ .value }}/g' \ - {{- end }} - {{- end }} - {{- end }} - {{- if $value.b64content }} - | base64 -d \ - {{- end }} - > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" - {{ end }} - {{- end }} - {{- end }} -{{- end }} + {{- include "grafana.configData" . | nindent 2 }} {{- end }} diff --git a/charts/grafana/templates/deployment.yaml b/charts/grafana/templates/deployment.yaml index bfa26bb40e..46c016faa3 100644 --- a/charts/grafana/templates/deployment.yaml +++ b/charts/grafana/templates/deployment.yaml @@ -33,14 +33,16 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include "grafana.configData" . | sha256sum }} + {{- if .Values.dashboards }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} - checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- end }} + checksum/sc-dashboard-provider-config: {{ include "grafana.configDashboardProviderData" . | sha256sum }} {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/secret: {{ include "grafana.secretsData" . | sha256sum }} {{- end }} {{- if .Values.envRenderSecret }} - checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} + checksum/secret-env: {{ tpl (toYaml .Values.envRenderSecret) . | sha256sum }} {{- end }} kubectl.kubernetes.io/default-container: {{ .Chart.Name }} {{- with .Values.podAnnotations }} diff --git a/charts/grafana/templates/secret.yaml b/charts/grafana/templates/secret.yaml index 5cbd527448..fd2ca50f4b 100644 --- a/charts/grafana/templates/secret.yaml +++ b/charts/grafana/templates/secret.yaml @@ -12,15 +12,5 @@ metadata: {{- end }} type: Opaque data: - {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} - admin-user: {{ .Values.adminUser | b64enc | quote }} - {{- if .Values.adminPassword }} - admin-password: {{ .Values.adminPassword | b64enc | quote }} - {{- else }} - admin-password: {{ include "grafana.password" . }} - {{- end }} - {{- end }} - {{- if not .Values.ldap.existingSecret }} - ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} - {{- end }} + {{- include "grafana.secretsData" . | nindent 2 }} {{- end }} From 892c2d7d234cd4790a9bbb39590d204e4a781983 Mon Sep 17 00:00:00 2001 From: Wei Kin Huang Date: Sun, 10 Dec 2023 21:01:48 -0500 Subject: [PATCH 048/211] [grafana] Allow setting dns config for pod template Signed-off-by: Wei Kin Huang --- charts/grafana/templates/_pod.tpl | 11 +++++++++-- charts/grafana/values.yaml | 10 ++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index f4b9fd36f1..1f11021c70 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -14,6 +14,13 @@ securityContext: hostAliases: {{- toYaml . | nindent 2 }} {{- end }} +{{- if .Values.dnsPolicy }} +dnsPolicy: {{ .Values.dnsPolicy }} +{{- end }} +{{- with .Values.dnsConfig }} +dnsConfig: + {{- toYaml . | nindent 2 }} +{{- end }} {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} @@ -169,7 +176,7 @@ initContainers: mountPath: "/etc/grafana/provisioning/alerting" {{- with .Values.sidecar.alerts.extraMounts }} {{- toYaml . | trim | nindent 6 }} - {{- end }} + {{- end }} {{- end }} {{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} - name: {{ include "grafana.name" . }}-init-sc-datasources @@ -411,7 +418,7 @@ containers: mountPath: "/etc/grafana/provisioning/alerting" {{- with .Values.sidecar.alerts.extraMounts }} {{- toYaml . | trim | nindent 6 }} - {{- end }} + {{- end }} {{- end}} {{- if .Values.sidecar.dashboards.enabled }} - name: {{ include "grafana.name" . }}-sc-dashboard diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 07502cc5ae..c675c7bd74 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -116,6 +116,16 @@ testFramework: imagePullPolicy: IfNotPresent securityContext: {} +# dns configuration for pod +dnsPolicy: ~ +dnsConfig: {} + # nameservers: + # - 8.8.8.8 + # options: + # - name: ndots + # value: "2" + # - name: edns0 + securityContext: runAsNonRoot: true runAsUser: 472 From a59e7c654c4c73c70fe561ddec61f53b37e65905 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20Austerm=C3=BChle?= Date: Mon, 11 Dec 2023 15:38:27 +0100 Subject: [PATCH 049/211] Bump grafana chart version to v7.0.15 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stephan Austermühle --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index adf084f288..c993496cf7 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.14 +version: 7.0.15 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 357f763ed2bc687ad6cd4fc414459677172b8789 Mon Sep 17 00:00:00 2001 From: MH Date: Tue, 12 Dec 2023 21:49:19 +0800 Subject: [PATCH 050/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index adf084f288..c993496cf7 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.14 +version: 7.0.15 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From a2c8a150ff05d778376323fa98bb25f330ed12ff Mon Sep 17 00:00:00 2001 From: Davenury Date: Tue, 12 Dec 2023 18:09:52 +0100 Subject: [PATCH 051/211] generate docs; lint Signed-off-by: Davenury --- charts/tempo-distributed/README.md | 5 +++-- charts/tempo-distributed/values.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index cecbb14328..1e2b4c661d 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -451,7 +451,7 @@ The memcached default args are removed and should be provided manually. The sett | global.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets for all images, excluding enterprise. Names of existing secrets with private container registry credentials. Ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod Example: pullSecrets: [ my-dockerconfigjson-secret ] | | global.image.registry | string | `"docker.io"` | Overrides the Docker registry globally for all images, excluding enterprise. | | global.priorityClassName | string | `nil` | Overrides the priorityClassName for all pods | -| global_overrides.metrics_generator_processors | list | `[]` | | +| global_overrides.metrics_generator_processors | list | `[]` | List of enabled metrics generator processors ([service-graphs, span-metrics]) | | global_overrides.per_tenant_override_config | string | `"/runtime-config/overrides.yaml"` | | | ingester.affinity | string | Soft node and soft zone anti-affinity | Affinity for ingester pods. Passed through `tpl` and, thus, to be configured as string | | ingester.annotations | object | `{}` | Annotations for the ingester StatefulSet | @@ -561,6 +561,7 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.appProtocol | object | `{"grpc":null}` | Adds the appProtocol field to the metricsGenerator service. This allows metricsGenerator to work with istio protocol selection. | | metricsGenerator.appProtocol.grpc | string | `nil` | Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" | | metricsGenerator.config | object | `{"metrics_ingestion_time_range_slack":"30s","processor":{"service_graphs":{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10},"span_metrics":{"dimensions":[],"histogram_buckets":[0.002,0.004,0.008,0.016,0.032,0.064,0.128,0.256,0.512,1.02,2.05,4.1]}},"registry":{"collection_interval":"15s","external_labels":{},"stale_duration":"15m"},"storage":{"path":"/var/tempo/wal","remote_write":[],"remote_write_flush_deadline":"1m","wal":null}}` | More information on configuration: https://grafana.com/docs/tempo/latest/configuration/#metrics-generator | +| metricsGenerator.config.processor.service_graphs | object | `{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10}` | For processors to be enabled and generate metrics, pass the names of the processors to overrides.metrics_generator_processors value like [service-graphs, span-metrics] | | metricsGenerator.config.processor.service_graphs.dimensions | list | `[]` | resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.processor.span_metrics.dimensions | list | `[]` | Dimensions are searched for in the resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.storage.remote_write | list | `[]` | https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index b9fe43feb6..5359988d86 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1323,7 +1323,7 @@ storage: # Global overrides global_overrides: per_tenant_override_config: /runtime-config/overrides.yaml - # -- List of enabled metrics generator processors ([service-graphs, span-metrics]) + # -- List of enabled metrics generator processors ([service-graphs, span-metrics]) metrics_generator_processors: [] # Per tenants overrides From dd0d27dba0cff1809bab673efd7a51a75d12555e Mon Sep 17 00:00:00 2001 From: Davenury Date: Tue, 12 Dec 2023 19:28:49 +0100 Subject: [PATCH 052/211] regenerate docs Signed-off-by: Davenury --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 1e2b4c661d..86cb7fe53c 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -451,7 +451,7 @@ The memcached default args are removed and should be provided manually. The sett | global.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets for all images, excluding enterprise. Names of existing secrets with private container registry credentials. Ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod Example: pullSecrets: [ my-dockerconfigjson-secret ] | | global.image.registry | string | `"docker.io"` | Overrides the Docker registry globally for all images, excluding enterprise. | | global.priorityClassName | string | `nil` | Overrides the priorityClassName for all pods | -| global_overrides.metrics_generator_processors | list | `[]` | List of enabled metrics generator processors ([service-graphs, span-metrics]) | +| global_overrides.metrics_generator_processors | list | `[]` | List of enabled metrics generator processors ([service-graphs, span-metrics]) | | global_overrides.per_tenant_override_config | string | `"/runtime-config/overrides.yaml"` | | | ingester.affinity | string | Soft node and soft zone anti-affinity | Affinity for ingester pods. Passed through `tpl` and, thus, to be configured as string | | ingester.annotations | object | `{}` | Annotations for the ingester StatefulSet | From 93a993c0954cf1b1b0bae1c2e56b3b1592eea904 Mon Sep 17 00:00:00 2001 From: Marcel Heers Date: Sat, 16 Dec 2023 10:38:50 +0200 Subject: [PATCH 053/211] [grafana] Updates comments in values.yaml to align extraVolumes.hostPath with yaml structure of v1.HostPathVolumeSource Signed-off-by: Marcel Heers --- charts/grafana/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab7c8e105b..9d3b6cc5d3 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -551,7 +551,9 @@ extraVolumes: [] # - name: extra-volume-0 # existingClaim: volume-claim # - name: extra-volume-1 - # hostPath: /usr/shared/ + # hostPath: + # path: /usr/shared/ + # type: "" # - name: grafana-secrets # csi: # driver: secrets-store.csi.k8s.io From 6f832e944ed000d73f769cd767782c9f0a19e2ec Mon Sep 17 00:00:00 2001 From: Marcel Heers Date: Sat, 16 Dec 2023 10:51:17 +0200 Subject: [PATCH 054/211] bumps the chart version Signed-off-by: Marcel Heers --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 540152ae23..8e1dcb23dd 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.17 +version: 7.0.18 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 7e938f8b9cdc2f4d16a468bc83b1c34e45a25288 Mon Sep 17 00:00:00 2001 From: MH Date: Sun, 17 Dec 2023 05:13:25 +0800 Subject: [PATCH 055/211] Update Chart.yaml Signed-off-by: MH --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 723f8b7028..12cf79a6f8 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.2 +version: 1.7.3 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From 8459d24511766518b69fa349215789abe548480e Mon Sep 17 00:00:00 2001 From: MH Date: Sun, 17 Dec 2023 05:13:45 +0800 Subject: [PATCH 056/211] Update README.md Signed-off-by: MH --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 86cb7fe53c..b67bfae36e 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.3](https://img.shields.io/badge/Version-1.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode From 0f331267e48e8b49be1db5d9901b46f0ada1e8ea Mon Sep 17 00:00:00 2001 From: rasta-rocket Date: Sat, 28 Oct 2023 22:28:00 +0200 Subject: [PATCH 057/211] [loki-distributed] manage compactor as statefulset Signed-off-by: rasta-rocket --- charts/loki-distributed/README.md | 8 + .../compactor/_helpers-compactor.tpl | 30 +++ .../compactor/deployment-compactor.yaml | 2 + .../persistentvolumeclaim-compactor.yaml | 2 + .../compactor/statefulset-compactor.yaml | 190 ++++++++++++++++++ charts/loki-distributed/values.yaml | 26 +++ 6 files changed, 258 insertions(+) create mode 100644 charts/loki-distributed/templates/compactor/statefulset-compactor.yaml diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 61bc0708ac..9453ce8eee 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -103,14 +103,22 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | compactor.image.repository | string | `nil` | Docker image repository for the compactor image. Overrides `loki.image.repository` | | compactor.image.tag | string | `nil` | Docker image tag for the compactor image. Overrides `loki.image.tag` | | compactor.initContainers | list | `[]` | Init containers to add to the compactor pods | +| compactor.kind | string | `"StatefulSet"` | Kind of deployment [StatefulSet/Deployment] | +| compactor.livenessProbe | object | `{}` | liveness probe settings for ingester pods. If empty use `loki.livenessProbe` | | compactor.nodeSelector | object | `{}` | Node selector for compactor pods | | compactor.persistence.annotations | object | `{}` | Annotations for compactor PVCs | +| compactor.persistence.claims | list | `[{"name":"data","size":"10Gi","storageClass":null}]` | List of the compactor PVCs @notationType -- list | +| compactor.persistence.enableStatefulSetAutoDeletePVC | bool | `false` | Enable StatefulSetAutoDeletePVC feature | | compactor.persistence.enabled | bool | `false` | Enable creating PVCs for the compactor | | compactor.persistence.size | string | `"10Gi"` | Size of persistent disk | | compactor.persistence.storageClass | string | `nil` | Storage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). | +| compactor.persistence.whenDeleted | string | `"Retain"` | | +| compactor.persistence.whenScaled | string | `"Retain"` | | | compactor.podAnnotations | object | `{}` | Annotations for compactor pods | | compactor.podLabels | object | `{}` | Labels for compactor pods | | compactor.priorityClassName | string | `nil` | The name of the PriorityClass for compactor pods | +| compactor.readinessProbe | object | `{}` | readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` | +| compactor.replicas | int | `1` | Number of replicas for the compactor | | compactor.resources | object | `{}` | Resource requests and limits for the compactor | | compactor.serviceAccount.annotations | object | `{}` | Annotations for the compactor service account | | compactor.serviceAccount.automountServiceAccountToken | bool | `true` | Set this toggle to false to opt out of automounting API credentials for the service account | diff --git a/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl b/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl index 46b0b2f298..75c21db167 100644 --- a/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl +++ b/charts/loki-distributed/templates/compactor/_helpers-compactor.tpl @@ -29,6 +29,36 @@ compactor image {{- include "loki.lokiImage" $dict -}} {{- end }} +{{/* +compactor readinessProbe +*/}} +{{- define "loki.compactor.readinessProbe" -}} +{{- with .Values.compactor.readinessProbe }} +readinessProbe: + {{- toYaml . | nindent 2 }} +{{- else }} +{{- with .Values.loki.readinessProbe }} +readinessProbe: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +compactor livenessProbe +*/}} +{{- define "loki.compactor.livenessProbe" -}} +{{- with .Values.compactor.livenessProbe }} +livenessProbe: + {{- toYaml . | nindent 2 }} +{{- else }} +{{- with .Values.loki.livenessProbe }} +livenessProbe: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} + {{/* compactor priority class name */}} diff --git a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml index d669fec7a2..f6b440931c 100644 --- a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml @@ -1,4 +1,5 @@ {{- if .Values.compactor.enabled }} +{{- if eq .Values.compactor.kind "Deployment"}} apiVersion: apps/v1 kind: Deployment metadata: @@ -151,3 +152,4 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml b/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml index e19171af24..de71a01aa4 100644 --- a/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml @@ -1,4 +1,5 @@ {{- if and .Values.compactor.enabled .Values.compactor.persistence.enabled }} +{{- if eq .Values.compactor.kind "Deployment"}} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -20,3 +21,4 @@ spec: requests: storage: "{{ .Values.compactor.persistence.size }}" {{- end }} +{{- end }} diff --git a/charts/loki-distributed/templates/compactor/statefulset-compactor.yaml b/charts/loki-distributed/templates/compactor/statefulset-compactor.yaml new file mode 100644 index 0000000000..ed9297504a --- /dev/null +++ b/charts/loki-distributed/templates/compactor/statefulset-compactor.yaml @@ -0,0 +1,190 @@ +{{- if .Values.compactor.enabled }} +{{- if eq .Values.compactor.kind "StatefulSet"}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "loki.compactorFullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "loki.compactorLabels" . | nindent 4 }} + app.kubernetes.io/part-of: memberlist + {{- with .Values.loki.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.compactor.replicas }} + podManagementPolicy: Parallel + updateStrategy: + rollingUpdate: + partition: 0 + serviceName: {{ include "loki.compactorFullname" . }}-headless + revisionHistoryLimit: {{ .Values.loki.revisionHistoryLimit }} + {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.compactor.persistence.enableStatefulSetAutoDeletePVC) }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.compactor.persistence.whenDeleted }} + whenScaled: {{ .Values.compactor.persistence.whenScaled }} + {{- end }} + selector: + matchLabels: + {{- include "loki.compactorSelectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- include "loki.config.checksum" . | nindent 8 }} + {{- with .Values.loki.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "loki.compactorSelectorLabels" . | nindent 8 }} + app.kubernetes.io/part-of: memberlist + {{- with .Values.loki.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + {{- with .Values.compactor.topologySpreadConstraints }} + topologySpreadConstraints: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "loki.serviceAccountName" . }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "loki.compactorPriorityClassName" . | nindent 6 }} + securityContext: + {{- toYaml .Values.loki.podSecurityContext | nindent 8 }} + terminationGracePeriodSeconds: {{ .Values.compactor.terminationGracePeriodSeconds }} + {{- with .Values.compactor.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: compactor + image: {{ include "loki.compactorImage" . }} + imagePullPolicy: {{ .Values.loki.image.pullPolicy }} + {{- if or .Values.loki.command .Values.compactor.command }} + command: + - {{ coalesce .Values.compactor.command .Values.loki.command | quote }} + {{- end }} + args: + - -config.file=/etc/loki/config/config.yaml + - -target=compactor + {{- with .Values.compactor.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 3100 + protocol: TCP + - name: grpc + containerPort: 9095 + protocol: TCP + - name: http-memberlist + containerPort: 7946 + protocol: TCP + {{- with .Values.compactor.extraEnv }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.compactor.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + securityContext: + {{- toYaml .Values.loki.containerSecurityContext | nindent 12 }} + {{- include "loki.compactor.readinessProbe" . | nindent 10 }} + {{- include "loki.compactor.livenessProbe" . | nindent 10 }} + volumeMounts: + - name: temp + mountPath: /tmp + - name: config + mountPath: /etc/loki/config + - name: runtime-config + mountPath: /var/{{ include "loki.name" . }}-runtime + - name: data + mountPath: /var/loki + {{- with .Values.compactor.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.compactor.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.compactor.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.compactor.extraContainers }} + {{- toYaml .Values.compactor.extraContainers | nindent 8}} + {{- end }} + {{- with .Values.compactor.affinity }} + affinity: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- with .Values.compactor.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.compactor.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: temp + emptyDir: {} + - name: config + {{- if .Values.loki.existingSecretForConfig }} + secret: + secretName: {{ .Values.loki.existingSecretForConfig }} + {{- else if .Values.loki.configAsSecret }} + secret: + secretName: {{ include "loki.fullname" . }}-config + {{- else }} + configMap: + name: {{ include "loki.fullname" . }} + {{- end }} + - name: runtime-config + configMap: + name: {{ template "loki.fullname" . }}-runtime + {{- if not .Values.compactor.persistence.enabled }} + - name: data + emptyDir: {} + {{- end }} + {{- with .Values.compactor.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.compactor.persistence.enabled }} + volumeClaimTemplates: + {{- range .Values.compactor.persistence.claims }} + - metadata: + name: {{ .name }} + {{- with .annotations }} + annotations: + {{- . | toYaml | nindent 10 }} + {{- end }} + spec: + accessModes: + - ReadWriteOnce + {{- with .storageClass }} + storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} + {{- end }} + resources: + requests: + storage: {{ .size | quote }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/loki-distributed/values.yaml b/charts/loki-distributed/values.yaml index 97faee7d98..ab32c0e87d 100644 --- a/charts/loki-distributed/values.yaml +++ b/charts/loki-distributed/values.yaml @@ -1325,6 +1325,10 @@ gateway: # Configuration for the compactor compactor: + # -- Kind of deployment [StatefulSet/Deployment] + kind: StatefulSet + # -- Number of replicas for the compactor + replicas: 1 # -- Specifies whether compactor should be enabled enabled: false # -- hostAliases to add @@ -1375,6 +1379,10 @@ compactor: extraVolumeMounts: [] # -- Volumes to add to the compactor pods extraVolumes: [] + # -- readiness probe settings for ingester pods. If empty, use `loki.readinessProbe` + readinessProbe: {} + # -- liveness probe settings for ingester pods. If empty use `loki.livenessProbe` + livenessProbe: {} # -- Resource requests and limits for the compactor resources: {} # -- Containers to add to the compactor pods @@ -1403,6 +1411,24 @@ compactor: storageClass: null # -- Annotations for compactor PVCs annotations: {} + # -- List of the compactor PVCs + # @notationType -- list + claims: + - name: data + size: 10Gi + # -- Storage class to be used. + # If defined, storageClassName: . + # If set to "-", storageClassName: "", which disables dynamic provisioning. + # If empty or set to null, no storageClassName spec is + # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). + storageClass: null + # - name: wal + # size: 150Gi + # -- Enable StatefulSetAutoDeletePVC feature + enableStatefulSetAutoDeletePVC: false + whenDeleted: Retain + whenScaled: Retain + serviceAccount: create: false # -- The name of the ServiceAccount to use for the compactor. From 6a0d6379af04d648fd6163e3d37f0ac99d067f38 Mon Sep 17 00:00:00 2001 From: rasta-rocket Date: Mon, 18 Dec 2023 18:20:39 +0100 Subject: [PATCH 058/211] [loki-distributed] bump version to 0.78.0 Signed-off-by: rasta-rocket --- charts/loki-distributed/Chart.yaml | 2 +- charts/loki-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index f800a83254..1e25cdfe7b 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -3,7 +3,7 @@ name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application appVersion: 2.9.2 -version: 0.77.0 +version: 0.78.0 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 9453ce8eee..e59e7fdf33 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.77.0](https://img.shields.io/badge/Version-0.77.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.78.0](https://img.shields.io/badge/Version-0.78.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 965a44a0902f6f51a91fa41c2f6539ff061e12fa Mon Sep 17 00:00:00 2001 From: MH Date: Tue, 19 Dec 2023 09:30:34 +0800 Subject: [PATCH 059/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8e1dcb23dd..8c2c9e1126 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.18 +version: 7.0.19 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From fe0b65d5e44ed6bd641a0b3564d983b460ef4226 Mon Sep 17 00:00:00 2001 From: siryur <12106023+siryur@users.noreply.github.com> Date: Thu, 14 Dec 2023 16:40:55 +0100 Subject: [PATCH 060/211] Search for some valid value when comparing to `null` This is a backwards compatible implementation as null will fail and any value should make it work. Signed-off-by: siryur <12106023+siryur@users.noreply.github.com> --- .../templates/distributor/poddisruptionbudget-distributor.yaml | 2 +- .../templates/gateway/poddisruptionbudget-gateway.yaml | 2 +- .../index-gateway/poddisruptionbudget-index-gateway.yaml | 2 +- .../templates/ingester/poddisruptionbudget-ingester.yaml | 2 +- .../memcached-chunks/poddisruptionbudget-memcached-chunks.yaml | 2 +- .../poddisruptionbudget-memcached-frontend.yaml | 2 +- .../poddisruptionbudget-memcached-index-queries.yaml | 2 +- .../poddisruptionbudget-memcached-index-writes.yaml | 2 +- .../templates/querier/poddisruptionbudget-querier.yaml | 2 +- .../query-frontend/poddisruptionbudget-query-frontent.yaml | 2 +- .../query-scheduler/poddisruptionbudget-query-scheduler.yaml | 2 +- .../templates/ruler/poddisruptionbudget-ruler.yaml | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/loki-distributed/templates/distributor/poddisruptionbudget-distributor.yaml b/charts/loki-distributed/templates/distributor/poddisruptionbudget-distributor.yaml index 405fa12ddf..8de6fd3da9 100644 --- a/charts/loki-distributed/templates/distributor/poddisruptionbudget-distributor.yaml +++ b/charts/loki-distributed/templates/distributor/poddisruptionbudget-distributor.yaml @@ -1,5 +1,5 @@ {{- if gt (int .Values.distributor.replicas) 1 }} -{{- if not .Values.distributor.maxUnavailable }} +{{- if kindIs "invalid" .Values.distributor.maxUnavailable }} {{- fail "`.Values.distributor.maxUnavailable` must be set when `.Values.distributor.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/gateway/poddisruptionbudget-gateway.yaml b/charts/loki-distributed/templates/gateway/poddisruptionbudget-gateway.yaml index e3edde28fe..8b2279f0ee 100644 --- a/charts/loki-distributed/templates/gateway/poddisruptionbudget-gateway.yaml +++ b/charts/loki-distributed/templates/gateway/poddisruptionbudget-gateway.yaml @@ -1,5 +1,5 @@ {{- if and .Values.gateway.enabled (gt (int .Values.gateway.replicas) 1) }} -{{- if not .Values.gateway.maxUnavailable }} +{{- if kindIs "invalid" .Values.gateway.maxUnavailable }} {{- fail "`.Values.gateway.maxUnavailable` must be set when `.Values.gateway.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/index-gateway/poddisruptionbudget-index-gateway.yaml b/charts/loki-distributed/templates/index-gateway/poddisruptionbudget-index-gateway.yaml index af62cf0c9c..acf73a5811 100644 --- a/charts/loki-distributed/templates/index-gateway/poddisruptionbudget-index-gateway.yaml +++ b/charts/loki-distributed/templates/index-gateway/poddisruptionbudget-index-gateway.yaml @@ -1,5 +1,5 @@ {{- if and .Values.indexGateway.enabled (gt (int .Values.indexGateway.replicas) 1) }} -{{- if not .Values.indexGateway.maxUnavailable }} +{{- if kindIs "invalid" .Values.indexGateway.maxUnavailable }} {{- fail "`.Values.indexGateway.maxUnavailable` must be set when `.Values.indexGateway.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/ingester/poddisruptionbudget-ingester.yaml b/charts/loki-distributed/templates/ingester/poddisruptionbudget-ingester.yaml index bbb8823791..0e56f8b096 100644 --- a/charts/loki-distributed/templates/ingester/poddisruptionbudget-ingester.yaml +++ b/charts/loki-distributed/templates/ingester/poddisruptionbudget-ingester.yaml @@ -1,5 +1,5 @@ {{- if gt (int .Values.ingester.replicas) 1 }} -{{- if not .Values.ingester.maxUnavailable }} +{{- if kindIs "invalid" .Values.ingester.maxUnavailable }} {{- fail "`.Values.ingester.maxUnavailable` must be set when `.Values.ingester.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/memcached-chunks/poddisruptionbudget-memcached-chunks.yaml b/charts/loki-distributed/templates/memcached-chunks/poddisruptionbudget-memcached-chunks.yaml index 7e096fed88..8510de5064 100644 --- a/charts/loki-distributed/templates/memcached-chunks/poddisruptionbudget-memcached-chunks.yaml +++ b/charts/loki-distributed/templates/memcached-chunks/poddisruptionbudget-memcached-chunks.yaml @@ -1,5 +1,5 @@ {{- if and .Values.memcachedChunks.enabled (gt (int .Values.memcachedChunks.replicas) 1) }} -{{- if not .Values.memcachedChunks.maxUnavailable }} +{{- if kindIs "invalid" .Values.memcachedChunks.maxUnavailable }} {{- fail "`.Values.memcachedChunks.maxUnavailable` must be set when `.Values.memcachedChunks.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/memcached-frontend/poddisruptionbudget-memcached-frontend.yaml b/charts/loki-distributed/templates/memcached-frontend/poddisruptionbudget-memcached-frontend.yaml index 448a8b0125..b1d4966b1a 100644 --- a/charts/loki-distributed/templates/memcached-frontend/poddisruptionbudget-memcached-frontend.yaml +++ b/charts/loki-distributed/templates/memcached-frontend/poddisruptionbudget-memcached-frontend.yaml @@ -1,5 +1,5 @@ {{- if and .Values.memcachedFrontend.enabled (gt (int .Values.memcachedFrontend.replicas) 1) }} -{{- if not .Values.memcachedFrontend.maxUnavailable }} +{{- if kindIs "invalid" .Values.memcachedFrontend.maxUnavailable }} {{- fail "`.Values.memcachedFrontend.maxUnavailable` must be set when `.Values.memcachedFrontend.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/memcached-index-queries/poddisruptionbudget-memcached-index-queries.yaml b/charts/loki-distributed/templates/memcached-index-queries/poddisruptionbudget-memcached-index-queries.yaml index 422c111db4..78e6b2ee88 100644 --- a/charts/loki-distributed/templates/memcached-index-queries/poddisruptionbudget-memcached-index-queries.yaml +++ b/charts/loki-distributed/templates/memcached-index-queries/poddisruptionbudget-memcached-index-queries.yaml @@ -1,5 +1,5 @@ {{- if and .Values.memcachedIndexQueries.enabled (gt (int .Values.memcachedIndexQueries.replicas) 1) }} -{{- if not .Values.memcachedIndexQueries.maxUnavailable }} +{{- if kindIs "invalid" .Values.memcachedIndexQueries.maxUnavailable }} {{- fail "`.Values.memcachedIndexQueries.maxUnavailable` must be set when `.Values.memcachedIndexQueries.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/memcached-index-writes/poddisruptionbudget-memcached-index-writes.yaml b/charts/loki-distributed/templates/memcached-index-writes/poddisruptionbudget-memcached-index-writes.yaml index 443884c9c1..f444582656 100644 --- a/charts/loki-distributed/templates/memcached-index-writes/poddisruptionbudget-memcached-index-writes.yaml +++ b/charts/loki-distributed/templates/memcached-index-writes/poddisruptionbudget-memcached-index-writes.yaml @@ -1,5 +1,5 @@ {{- if and .Values.memcachedIndexWrites.enabled (gt (int .Values.memcachedIndexWrites.replicas) 1) }} -{{- if not .Values.memcachedIndexWrites.maxUnavailable }} +{{- if kindIs "invalid" .Values.memcachedIndexWrites.maxUnavailable }} {{- fail "`.Values.memcachedIndexWrites.maxUnavailable` must be set when `.Values.memcachedIndexWrites.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/querier/poddisruptionbudget-querier.yaml b/charts/loki-distributed/templates/querier/poddisruptionbudget-querier.yaml index b79f341ec4..f178a29d40 100644 --- a/charts/loki-distributed/templates/querier/poddisruptionbudget-querier.yaml +++ b/charts/loki-distributed/templates/querier/poddisruptionbudget-querier.yaml @@ -1,5 +1,5 @@ {{- if gt (int .Values.querier.replicas) 1 }} -{{- if not .Values.querier.maxUnavailable }} +{{- if kindIs "invalid" .Values.querier.maxUnavailable }} {{- fail "`.Values.querier.maxUnavailable` must be set when `.Values.querier.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/query-frontend/poddisruptionbudget-query-frontent.yaml b/charts/loki-distributed/templates/query-frontend/poddisruptionbudget-query-frontent.yaml index 54a85c2008..f6022e8a06 100644 --- a/charts/loki-distributed/templates/query-frontend/poddisruptionbudget-query-frontent.yaml +++ b/charts/loki-distributed/templates/query-frontend/poddisruptionbudget-query-frontent.yaml @@ -1,5 +1,5 @@ {{- if gt (int .Values.queryFrontend.replicas) 1 }} -{{- if not .Values.queryFrontend.maxUnavailable }} +{{- if kindIs "invalid" .Values.queryFrontend.maxUnavailable }} {{- fail "`.Values.queryFrontend.maxUnavailable` must be set when `.Values.queryFrontend.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/query-scheduler/poddisruptionbudget-query-scheduler.yaml b/charts/loki-distributed/templates/query-scheduler/poddisruptionbudget-query-scheduler.yaml index 87adb3592e..9b1a8937d7 100644 --- a/charts/loki-distributed/templates/query-scheduler/poddisruptionbudget-query-scheduler.yaml +++ b/charts/loki-distributed/templates/query-scheduler/poddisruptionbudget-query-scheduler.yaml @@ -1,5 +1,5 @@ {{- if and .Values.queryScheduler.enabled (gt (int .Values.queryScheduler.replicas) 1) }} -{{- if not .Values.queryScheduler.maxUnavailable }} +{{- if kindIs "invalid" .Values.queryScheduler.maxUnavailable }} {{- fail "`.Values.queryScheduler.maxUnavailable` must be set when `.Values.queryScheduler.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} diff --git a/charts/loki-distributed/templates/ruler/poddisruptionbudget-ruler.yaml b/charts/loki-distributed/templates/ruler/poddisruptionbudget-ruler.yaml index 3ab4ae631d..09925a89a9 100644 --- a/charts/loki-distributed/templates/ruler/poddisruptionbudget-ruler.yaml +++ b/charts/loki-distributed/templates/ruler/poddisruptionbudget-ruler.yaml @@ -1,5 +1,5 @@ {{- if and .Values.ruler.enabled (gt (int .Values.ruler.replicas) 1) }} -{{- if not .Values.ruler.maxUnavailable }} +{{- if kindIs "invalid" .Values.ruler.maxUnavailable }} {{- fail "`.Values.ruler.maxUnavailable` must be set when `.Values.ruler.replicas` is greater than 1." }} {{- else }} apiVersion: {{ include "loki.pdb.apiVersion" . }} From 8394fce8266d42d467d25aa037c9af8bf3a5fa6d Mon Sep 17 00:00:00 2001 From: Bento <12106023+siryur@users.noreply.github.com> Date: Mon, 18 Dec 2023 12:42:04 +0100 Subject: [PATCH 061/211] Update loki-distributed chart version Signed-off-by: siryur <12106023+siryur@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 2 +- charts/loki-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 1e25cdfe7b..2dbd096bd3 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -3,7 +3,7 @@ name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application appVersion: 2.9.2 -version: 0.78.0 +version: 0.78.1 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index e59e7fdf33..bf19d6e299 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.0](https://img.shields.io/badge/Version-0.78.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.78.1](https://img.shields.io/badge/Version-0.78.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 4c4f90655723449f205f73943a9e320a7e77d8df Mon Sep 17 00:00:00 2001 From: Marcos Tenrero Date: Wed, 20 Dec 2023 12:12:53 +0100 Subject: [PATCH 062/211] Support Datasource sidecar having envValueFrom Signed-off-by: Marcos Tenrero Signed-off-by: Marcos Tenrero --- charts/grafana/templates/_pod.tpl | 5 +++++ charts/grafana/values.yaml | 1 + 2 files changed, 6 insertions(+) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index ae22a57d59..c91d22f978 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -434,6 +434,11 @@ containers: - name: "{{ $key }}" value: "{{ $value }}" {{- end }} + {{- range $key, $value := .Values.sidecar.datasources.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 10 }} + {{- end }} {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }} - name: IGNORE_ALREADY_PROCESSED value: "true" diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index afa1472dd7..bde8b11fdd 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -961,6 +961,7 @@ sidecar: enabled: false # Additional environment variables for the datasourcessidecar env: {} + envValueFrom: {} # Do not reprocess already processed unchanged resources on k8s API reconnect. # ignoreAlreadyProcessed: true # label that the configmaps with datasources are marked with From 0d65d0f7a97ca22ca887602784bdfe10bb0e74fa Mon Sep 17 00:00:00 2001 From: verejoel Date: Mon, 9 Oct 2023 13:34:54 +0200 Subject: [PATCH 063/211] [loki-distributed] Query scheduler and index gateway join the memberlist According to the Grafana Loki [documentation](https://grafana.com/docs/loki/latest/get-started/hash-rings/): * the query scheduler must be part of a hashring * the index gateway may optionally be part of a hashring This PR updates the chart such that the query scheduler and index gateway pods will expose the memberlist container port 7946, and include the member list selector label. The index gateway may optionally be prevented from joining the memberlist by setting `.Values.indexGateway.joinMemberlist` to false (default true), reflecting the current state of the documentation. Signed-off-by: verejoel Signed-off-by: Sheikh-Abubaker --- charts/loki-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index e59e7fdf33..10bb5af73c 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -300,7 +300,7 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | ingester.maxSurge | int | `0` | Max Surge for ingester pods | | ingester.maxUnavailable | string | `nil` | Pod Disruption Budget maxUnavailable | | ingester.nodeSelector | object | `{}` | Node selector for ingester pods | -| ingester.persistence.claims | list | `[{"name":"data","size":"10Gi","storageClass":null}]` | List of the ingester PVCs @notationType -- list | +| ingester.persistence.claims | list | | List of the ingester PVCs | | ingester.persistence.enableStatefulSetAutoDeletePVC | bool | `false` | Enable StatefulSetAutoDeletePVC feature | | ingester.persistence.enabled | bool | `false` | Enable creating PVCs which is required when using boltdb-shipper | | ingester.persistence.inMemory | bool | `false` | Use emptyDir with ramdisk for storage. **Please note that all data in ingester will be lost on pod restart** | From 622edfa6775763e5d2aac210167fcef6f78eca25 Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Fri, 13 Oct 2023 15:45:38 -0700 Subject: [PATCH 064/211] [tempo-distributed] Update distributor proxy routes for GET 2.3.0. GET 2.3.0 now includes functionality that allows the gateway to accept traces both via OTLP gRPC and HTTP. Also includes ability to define own proxy routes as a flag existed to enable this, but no configuration was available to set them. Signed-off-by: Heds Simons --- charts/loki-distributed/README.md | 2 +- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 7 ++++--- charts/tempo-distributed/values.yaml | 18 +++++++++++++----- 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 10bb5af73c..e59e7fdf33 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -300,7 +300,7 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | ingester.maxSurge | int | `0` | Max Surge for ingester pods | | ingester.maxUnavailable | string | `nil` | Pod Disruption Budget maxUnavailable | | ingester.nodeSelector | object | `{}` | Node selector for ingester pods | -| ingester.persistence.claims | list | | List of the ingester PVCs | +| ingester.persistence.claims | list | `[{"name":"data","size":"10Gi","storageClass":null}]` | List of the ingester PVCs @notationType -- list | | ingester.persistence.enableStatefulSetAutoDeletePVC | bool | `false` | Enable StatefulSetAutoDeletePVC feature | | ingester.persistence.enabled | bool | `false` | Enable creating PVCs which is required when using boltdb-shipper | | ingester.persistence.inMemory | bool | `false` | Use emptyDir with ramdisk for storage. **Please note that all data in ingester will be lost on pod restart** | diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 12cf79a6f8..991104c69e 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.3 +version: 1.7.4 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index b67bfae36e..31a36713d1 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.3](https://img.shields.io/badge/Version-1.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.4](https://img.shields.io/badge/Version-1.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -315,7 +315,7 @@ The memcached default args are removed and should be provided manually. The sett | distributor.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for distributor pods. Passed through `tpl` and, thus, to be configured as string | | enterprise.enabled | bool | `false` | | | enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' | -| enterprise.image.tag | string | `"v2.2.1"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | +| enterprise.image.tag | string | `"v2.3.0"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | | enterpriseFederationFrontend.affinity | string | Hard node and soft zone anti-affinity | Affinity for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string | | enterpriseFederationFrontend.autoscaling.enabled | bool | `false` | Enable autoscaling for the federation-frontend | | enterpriseFederationFrontend.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the federation-frontend | @@ -368,6 +368,7 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.podAnnotations | object | `{}` | | | enterpriseGateway.podDisruptionBudget | object | `{}` | | | enterpriseGateway.podLabels | object | `{}` | | +| enterpriseGateway.proxy | object | `{}` | Proxy URLs defined in this object will be used if useDefaultProxyURLs is set to false. | | enterpriseGateway.readinessProbe.httpGet.path | string | `"/ready"` | | | enterpriseGateway.readinessProbe.httpGet.port | string | `"http-metrics"` | | | enterpriseGateway.readinessProbe.initialDelaySeconds | int | `45` | | @@ -384,7 +385,7 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.terminationGracePeriodSeconds | int | `60` | | | enterpriseGateway.tolerations | list | `[]` | | | enterpriseGateway.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for enterprise-gateway pods. Passed through `tpl` and, thus, to be configured as string | -| enterpriseGateway.useDefaultProxyURLs | bool | `true` | | +| enterpriseGateway.useDefaultProxyURLs | bool | `true` | If you want to use your own proxy URLs, set this to false. | | externalConfigSecretName | string | `"{{ include \"tempo.resourceName\" (dict \"ctx\" . \"component\" \"config\") }}"` | Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal). | | externalConfigVersion | string | `"0"` | When 'useExternalConfig' is true, then changing 'externalConfigVersion' triggers restart of services - otherwise changes to the configuration cause a restart. | | externalRuntimeConfigName | string | `"{{ include \"tempo.resourceName\" (dict \"ctx\" . \"component\" \"runtime\") }}"` | Name of the Secret or ConfigMap that contains the runtime configuration (used for naming even if config is internal). | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 5359988d86..2fb7193097 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1050,15 +1050,21 @@ config: | default: url: http://{{ template "tempo.fullname" . }}-admin-api.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} distributor: - url: http://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} - distributor_ingest: - url: h2c://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:4317 + otlp/grpc: + url: h2c://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:4317 + otlp/http: + url: http://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:4318 ingester: url: http://{{ template "tempo.fullname" . }}-ingester.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} querier: url: http://{{ template "tempo.fullname" . }}-querier.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} query_frontend: url: http://{{ template "tempo.fullname" . }}-query-frontend.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }}{{get .Values.tempo.structuredConfig "http_api_prefix"}} + {{else}} + {{- if and .Values.enterprise.enabled .Values.enterpriseGateway.proxy }} + gateway: + proxy: {{- toYaml .Values.enterpriseGateway.proxy | nindent 6 }} + {{- end }} {{- end }} compactor: @@ -1838,7 +1844,7 @@ enterprise: # -- Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' repository: grafana/enterprise-traces # -- Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' - tag: v2.2.1 + tag: v2.3.0 # Note: pullPolicy and optional pullSecrets are set in toplevel 'image' section, not here # In order to use Grafana Enterprise Traces features, you will need to provide the contents of your Grafana Enterprise Traces @@ -1959,8 +1965,10 @@ adminApi: # Settings for the gateway service providing authentication and authorization via the admin_api. # Can only be enabled if enterprise.enabled is true - requires license. enterpriseGateway: - # If you want to use your own proxy URLs, set this to false. + # -- If you want to use your own proxy URLs, set this to false. useDefaultProxyURLs: true + # -- Proxy URLs defined in this object will be used if useDefaultProxyURLs is set to false. + proxy: {} replicas: 1 # -- hostAliases to add hostAliases: [] From ec62be091f1ab5cf80acfeb06abb3624a9764a8c Mon Sep 17 00:00:00 2001 From: Mohd Sadiq Date: Fri, 29 Dec 2023 16:53:13 +0530 Subject: [PATCH 065/211] Quote hostname in ingress.yaml Signed-off-by: Mohd Sadiq --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/ingress.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8c2c9e1126..dee06d33ca 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.19 +version: 7.0.20 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/ingress.yaml b/charts/grafana/templates/ingress.yaml index 063cdfaa52..b2ffd81095 100644 --- a/charts/grafana/templates/ingress.yaml +++ b/charts/grafana/templates/ingress.yaml @@ -34,7 +34,7 @@ spec: rules: {{- if .Values.ingress.hosts }} {{- range .Values.ingress.hosts }} - - host: {{ tpl . $ }} + - host: {{ tpl . $ | quote }} http: paths: {{- with $extraPaths }} From f72cddc5ee3285cac56a50b2968f7cc61179c2da Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Fri, 29 Dec 2023 23:26:18 +0530 Subject: [PATCH 066/211] Resolved merge conflicts Signed-off-by: Sheikh-Abubaker --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 4260c7da1d..4377b6e86a 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.0.7 -appVersion: 10.1.5 +version: 7.0.19 +appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net From 65d84f184426e2a3845eb9ee76979b0a2ed563af Mon Sep 17 00:00:00 2001 From: MH Date: Sun, 31 Dec 2023 18:57:15 +0800 Subject: [PATCH 067/211] Update service.yaml Signed-off-by: MH --- charts/grafana/templates/service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/templates/service.yaml b/charts/grafana/templates/service.yaml index 849a466a3e..e9396a15c6 100644 --- a/charts/grafana/templates/service.yaml +++ b/charts/grafana/templates/service.yaml @@ -21,7 +21,7 @@ spec: clusterIP: {{ . }} {{- end }} {{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} + type: LoadBalancer {{- with .Values.service.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} From 9e124d0b7b81a128bf10ecae689c105bf85140ab Mon Sep 17 00:00:00 2001 From: MH Date: Sun, 31 Dec 2023 18:57:53 +0800 Subject: [PATCH 068/211] Update values.yaml Signed-off-by: MH --- charts/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 202058c36e..657e6add8e 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -206,7 +206,7 @@ gossipPortName: gossip ## service: enabled: true - type: LoadBalancer + type: ClusterIP loadBalancerIP: "" loadBalancerClass: "" loadBalancerSourceRanges: [] From 160f4c1a7c8bbd85cd21c3407502c055a9ff85dc Mon Sep 17 00:00:00 2001 From: MH Date: Sun, 31 Dec 2023 18:59:10 +0800 Subject: [PATCH 069/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8c2c9e1126..dee06d33ca 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.19 +version: 7.0.20 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 3937163c462e119c6d5329cbae953f83d5789e46 Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Sun, 31 Dec 2023 20:46:44 +0530 Subject: [PATCH 070/211] Chart.yaml Signed-off-by: Sheikh-Abubaker --- charts/loki-stack/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index 8069d9fc78..90cc126ab9 100644 --- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v1" name: loki-stack -version: 2.9.11 +version: 2.9.3 appVersion: v2.6.1 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." From 7520e8a6c305e1bae4e624374ee2eb19cf9c9d2c Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Sun, 31 Dec 2023 20:59:21 +0530 Subject: [PATCH 071/211] Updated Chart.yaml Signed-off-by: Sheikh-Abubaker --- charts/loki-stack/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index 90cc126ab9..a45dd3a326 100644 --- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: "v1" name: loki-stack -version: 2.9.3 -appVersion: v2.6.1 +version: 2.9.12 +appVersion: v2.9.3 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." home: https://grafana.com/loki From 15f3ffcbb8d279d051c15a6990d2138b769c4232 Mon Sep 17 00:00:00 2001 From: Aksel Skaar Leirvaag <52233080+akselleirv@users.noreply.github.com> Date: Wed, 3 Jan 2024 08:34:54 +0100 Subject: [PATCH 072/211] grafana: app version to 10.2.3 Signed-off-by: aksel-skaar-leirvaag --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8c2c9e1126..0883c31961 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.0.19 -appVersion: 10.2.2 +version: 7.0.20 +appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From 6da88b94858d35a4f3dabafa7827900046e75411 Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Thu, 4 Jan 2024 19:53:38 +0530 Subject: [PATCH 073/211] Bumped prometheus chart version Signed-off-by: Sheikh-Abubaker --- charts/loki-stack/Chart.yaml | 2 +- charts/loki-stack/requirements.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index 8069d9fc78..1a9978fe76 100644 --- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v1" name: loki-stack -version: 2.9.11 +version: 2.9.12 appVersion: v2.6.1 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." diff --git a/charts/loki-stack/requirements.yaml b/charts/loki-stack/requirements.yaml index 2232f1280e..09525e0961 100644 --- a/charts/loki-stack/requirements.yaml +++ b/charts/loki-stack/requirements.yaml @@ -17,7 +17,7 @@ dependencies: repository: "https://grafana.github.io/helm-charts" - name: "prometheus" condition: prometheus.enabled - version: "~15.5.3" + version: "~19.7.2" repository: "https://prometheus-community.github.io/helm-charts" - name: "filebeat" condition: filebeat.enabled From 073e3c43aefce200ca11c9ab2fd77e1ce8b1588d Mon Sep 17 00:00:00 2001 From: Derek Brown Date: Thu, 21 Dec 2023 16:18:36 -0700 Subject: [PATCH 074/211] feat: fail when users store secrets in plaintext Signed-off-by: Derek Brown --- charts/grafana/templates/_config.tpl | 1 + charts/grafana/templates/_helpers.tpl | 49 +++++++++++++++++++++++++++ charts/grafana/values.yaml | 10 ++++++ 3 files changed, 60 insertions(+) diff --git a/charts/grafana/templates/_config.tpl b/charts/grafana/templates/_config.tpl index face210934..19df19cd2a 100644 --- a/charts/grafana/templates/_config.tpl +++ b/charts/grafana/templates/_config.tpl @@ -2,6 +2,7 @@ Generate config map data */}} {{- define "grafana.configData" -}} +{{ include "grafana.assertNoLeakedSecrets" . }} {{- $files := .Files }} {{- $root := . -}} {{- with .Values.plugins }} diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index ead2449e37..44c00f3570 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -225,3 +225,52 @@ Formats imagePullSecrets. Input is (dict "root" . "imagePullSecrets" .{specific {{- end }} {{- $secretFound}} {{- end -}} + +{{/* + Checks whether the user is attempting to store secrets in plaintext + in the grafana.ini configmap +*/}} +{{/* grafana.assertNoLeakedSecrets checks for sensitive keys in values */}} +{{- define "grafana.assertNoLeakedSecrets" -}} + {{- $sensitiveKeysYaml := ` +sensitiveKeys: +- path: ["database", "password"] +- path: ["smtp", "password"] +- path: ["security", "secret_key"] +- path: ["security", "admin_password"] +- path: ["auth.basic", "password"] +- path: ["auth.ldap", "bind_password"] +- path: ["auth.google", "client_secret"] +- path: ["auth.github", "client_secret"] +- path: ["auth.gitlab", "client_secret"] +- path: ["auth.generic_oauth", "client_secret"] +- path: ["auth.okta", "client_secret"] +- path: ["auth.azuread", "client_secret"] +- path: ["auth.grafana_com", "client_secret"] +- path: ["auth.grafananet", "client_secret"] +- path: ["azure", "user_identity_client_secret"] +- path: ["unified_alerting", "ha_redis_password"] +- path: ["metrics", "basic_auth_password"] +- path: ["external_image_storage.s3", "secret_key"] +- path: ["external_image_storage.webdav", "password"] +- path: ["external_image_storage.azure_blob", "account_key"] +` | fromYaml -}} + {{- if $.Values.assertNoLeakedSecrets -}} + {{- $grafanaIni := index .Values "grafana.ini" -}} + {{- range $_, $secret := $sensitiveKeysYaml.sensitiveKeys -}} + {{- $currentMap := $grafanaIni -}} + {{- $shouldContinue := true -}} + {{- range $index, $elem := $secret.path -}} + {{- if and $shouldContinue (hasKey $currentMap $elem) -}} + {{- if eq (len $secret.path) (add1 $index) -}} + {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} + {{- else -}} + {{- $currentMap = index $currentMap $elem -}} + {{- end -}} + {{- else -}} + {{- $shouldContinue = false -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index afa1472dd7..803585d1a8 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -1297,3 +1297,13 @@ extraObjects: [] # data: # - key: grafana-admin-password # name: adminPassword + +# assertNoLeakedSecrets is a helper function defined in _helpers.tpl that checks if secret +# values are not exposed in the rendered grafana.ini configmap. It is enabled by default. +# +# To pass values into grafana.ini without exposing them in a configmap, use variable expansion: +# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion +# +# Alternatively, if you wish to allow secret values to be exposed in the rendered grafana.ini configmap, +# you can disable this check by setting assertNoLeakedSecrets to false. +assertNoLeakedSecrets: true From 6725f741c63f2ef1960588905d33e4586987c59d Mon Sep 17 00:00:00 2001 From: Derek Brown Date: Thu, 4 Jan 2024 14:33:01 -0800 Subject: [PATCH 075/211] version bump Signed-off-by: Derek Brown --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8c2c9e1126..194b224051 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.19 +version: 7.1.0 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 1502d6f439afef7fa400c5a50707fec5820635ba Mon Sep 17 00:00:00 2001 From: Miroslav Hadzhiev Date: Mon, 8 Jan 2024 10:58:22 +0200 Subject: [PATCH 076/211] Update Chart.yaml Signed-off-by: Xtigyro --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index dee06d33ca..ea1516b5d4 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.20 +version: 7.0.21 appVersion: 10.2.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From d76d1f7e4e6fc3edb6d666c86b9789c29b919e26 Mon Sep 17 00:00:00 2001 From: Miroslav Hadzhiev Date: Mon, 8 Jan 2024 10:55:59 +0200 Subject: [PATCH 077/211] Update Chart.yaml Signed-off-by: Xtigyro --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 0883c31961..cc69f6b562 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.20 +version: 7.0.21 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From f57eaf5cfd497bae529fc8382e3bd317f89e4ed9 Mon Sep 17 00:00:00 2001 From: Charles Korn Date: Mon, 8 Jan 2024 16:07:08 +1100 Subject: [PATCH 078/211] Remove default CPU limit for rollout-operator pod Signed-off-by: Charles Korn --- charts/rollout-operator/Chart.yaml | 2 +- charts/rollout-operator/README.md | 3 +-- charts/rollout-operator/values.yaml | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index 12891c9b79..e01f3da7cd 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.10.0 +version: 0.11.0 appVersion: v0.9.0 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index 064819f556..bd23bf0147 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md @@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.0](https://img.shields.io/badge/AppVersion-v0.9.0-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.0](https://img.shields.io/badge/AppVersion-v0.9.0-informational?style=flat-square) Grafana rollout-operator @@ -53,7 +53,6 @@ It is not a highly available application and runs as a single pod. | podLabels | object | `{}` | Pod (extra) Labels | | podSecurityContext | object | `{}` | | | priorityClassName | string | `""` | | -| resources.limits.cpu | string | `"1"` | | | resources.limits.memory | string | `"200Mi"` | | | resources.requests.cpu | string | `"100m"` | | | resources.requests.memory | string | `"100Mi"` | | diff --git a/charts/rollout-operator/values.yaml b/charts/rollout-operator/values.yaml index 3cb558d507..66f9486b1a 100644 --- a/charts/rollout-operator/values.yaml +++ b/charts/rollout-operator/values.yaml @@ -47,7 +47,7 @@ securityContext: {} resources: limits: - cpu: "1" + # cpu: "1" memory: 200Mi requests: cpu: 100m From ea2eaf18a5b7a19f3e75ccbe8d7b57e3e4c86585 Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Mon, 8 Jan 2024 18:03:49 -0800 Subject: [PATCH 079/211] [tempo-distributed]: Update gateway routes to include distributor HTTP URL. Signed-off-by: Heds Simons --- charts/tempo-distributed/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 2fb7193097..309db76bdf 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1050,6 +1050,7 @@ config: | default: url: http://{{ template "tempo.fullname" . }}-admin-api.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} distributor: + url: http://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:{{ include "tempo.serverHttpListenPort" . }} otlp/grpc: url: h2c://{{ template "tempo.fullname" . }}-distributor.{{ .Release.Namespace }}.svc:4317 otlp/http: From ad17a3d85760730f396e1c267bf1b60dab951ffb Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Tue, 9 Jan 2024 10:51:09 -0500 Subject: [PATCH 080/211] [agent-operator] update links to CRDs (#2891) Signed-off-by: Robert Fratto --- charts/agent-operator/Chart.yaml | 2 +- charts/agent-operator/README.md | 4 ++-- charts/agent-operator/README.md.gotmpl | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index d5804d26a1..d3b5ec1431 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.12 +version: 0.3.13 appVersion: "0.38.1" home: https://grafana.com/docs/agent/v0.38/ icon: https://raw.githubusercontent.com/grafana/agent/v0.38.0/docs/sources/assets/logo_and_name.png diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index d8cf46b82a..4e1efd1c46 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.12](https://img.shields.io/badge/Version-0.3.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.38.1](https://img.shields.io/badge/AppVersion-0.38.1-informational?style=flat-square) +![Version: 0.3.13](https://img.shields.io/badge/Version-0.3.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.38.1](https://img.shields.io/badge/AppVersion-0.38.1-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -16,7 +16,7 @@ To learn how to deploy these resources, please see Grafana's [Agent Operator get ## CRDs -The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. +The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. ## Get Repo Info diff --git a/charts/agent-operator/README.md.gotmpl b/charts/agent-operator/README.md.gotmpl index 5b08d32051..3dce97a945 100644 --- a/charts/agent-operator/README.md.gotmpl +++ b/charts/agent-operator/README.md.gotmpl @@ -16,7 +16,7 @@ To learn how to deploy these resources, please see Grafana's [Agent Operator get ## CRDs -The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/production/operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. +The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs. ## Get Repo Info From d72b690a2091dbe984fd53eedc53ff996709f3cd Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Tue, 9 Jan 2024 23:37:19 +0530 Subject: [PATCH 081/211] Bumped loki stack version in chart.yaml Signed-off-by: Sheikh-Abubaker --- charts/loki-stack/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index 1a9978fe76..226715a988 100644 --- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v1" name: loki-stack -version: 2.9.12 +version: 2.10.0 appVersion: v2.6.1 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." From 448ca4e4ca9efda3636ac3ebd9f05e35a8c5799d Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Tue, 9 Jan 2024 11:00:23 -0800 Subject: [PATCH 082/211] [tempo-distributed]: Update Tempo and GET to 2.3.1. Move from 2.3.0 to 2.3.1. Signed-off-by: Heds Simons --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/README.md | 4 ++-- charts/tempo-distributed/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 991104c69e..9b815d1696 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.4 -appVersion: 2.3.0 +version: 1.7.5 +appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 31a36713d1..e28f0acd3c 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.4](https://img.shields.io/badge/Version-1.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.5](https://img.shields.io/badge/Version-1.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -315,7 +315,7 @@ The memcached default args are removed and should be provided manually. The sett | distributor.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for distributor pods. Passed through `tpl` and, thus, to be configured as string | | enterprise.enabled | bool | `false` | | | enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' | -| enterprise.image.tag | string | `"v2.3.0"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | +| enterprise.image.tag | string | `"v2.3.1"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | | enterpriseFederationFrontend.affinity | string | Hard node and soft zone anti-affinity | Affinity for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string | | enterpriseFederationFrontend.autoscaling.enabled | bool | `false` | Enable autoscaling for the federation-frontend | | enterpriseFederationFrontend.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the federation-frontend | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 309db76bdf..0e16fc70a8 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1845,7 +1845,7 @@ enterprise: # -- Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' repository: grafana/enterprise-traces # -- Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' - tag: v2.3.0 + tag: v2.3.1 # Note: pullPolicy and optional pullSecrets are set in toplevel 'image' section, not here # In order to use Grafana Enterprise Traces features, you will need to provide the contents of your Grafana Enterprise Traces From b6502dcfd7c44153043913f52c1a474bba2d35f4 Mon Sep 17 00:00:00 2001 From: JordanGoasdoue Date: Wed, 10 Jan 2024 12:06:29 +0100 Subject: [PATCH 083/211] [grafana] fix secret datasources/notifiers rendering Signed-off-by: JordanGoasdoue --- charts/grafana/templates/configSecret.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/grafana/templates/configSecret.yaml b/charts/grafana/templates/configSecret.yaml index f8937ccc7a..55574b9bbc 100644 --- a/charts/grafana/templates/configSecret.yaml +++ b/charts/grafana/templates/configSecret.yaml @@ -25,13 +25,13 @@ stringData: {{- range $key, $value := .Values.datasources }} {{- if (hasKey $value "secret") }} {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} + {{- tpl (toYaml $value.secret | nindent 4) $root }} {{- end }} {{- end }} {{- range $key, $value := .Values.notifiers }} {{- if (hasKey $value "secret") }} {{- $key | nindent 2 }}: | - {{- tpl (toYaml $value | nindent 4) $root }} + {{- tpl (toYaml $value.secret | nindent 4) $root }} {{- end }} {{- end }} {{- range $key, $value := .Values.alerting }} @@ -40,4 +40,4 @@ stringData: {{- tpl (toYaml $value.secret | nindent 4) $root }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From 94b60547e4f1dacacb7f044753408253da8903f1 Mon Sep 17 00:00:00 2001 From: JordanGoasdoue Date: Wed, 10 Jan 2024 13:37:27 +0100 Subject: [PATCH 084/211] chore: bump grafana chart version to 7.1.0 Signed-off-by: JordanGoasdoue --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index d2124007b2..b4bda96bc5 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.0.22 +version: 7.1.0 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From b78f793a95c9579d5839941f818b6fce84e5718b Mon Sep 17 00:00:00 2001 From: Marc Tuduri Date: Wed, 10 Jan 2024 15:43:53 +0100 Subject: [PATCH 085/211] Bump agent version to v0.39 Signed-off-by: Marc Tuduri --- charts/agent-operator/Chart.yaml | 8 ++++---- charts/agent-operator/README.md | 6 +++--- charts/agent-operator/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index d3b5ec1431..8665b5b7a5 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -3,11 +3,11 @@ name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application version: 0.3.13 -appVersion: "0.38.1" -home: https://grafana.com/docs/agent/v0.38/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.38.0/docs/sources/assets/logo_and_name.png +appVersion: "0.39.0" +home: https://grafana.com/docs/agent/v0.39/ +icon: https://raw.githubusercontent.com/grafana/agent/v0.39.0/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.38.0/pkg/operator + - https://github.com/grafana/agent/tree/v0.39.0/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 4e1efd1c46..323cedcb0e 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.13](https://img.shields.io/badge/Version-0.3.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.38.1](https://img.shields.io/badge/AppVersion-0.38.1-informational?style=flat-square) +![Version: 0.3.13](https://img.shields.io/badge/Version-0.3.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.0](https://img.shields.io/badge/AppVersion-0.39.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.37.4"` | Image tag | +| image.tag | string | `"v0.39.0"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index fb770e2fd7..0d0c491dee 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.37.4 + tag: v0.39.0 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 46d6164cf23f71a10179abd14c66bd5ad3aa5a86 Mon Sep 17 00:00:00 2001 From: Marc Tuduri Date: Wed, 10 Jan 2024 15:57:45 +0100 Subject: [PATCH 086/211] Bump version Signed-off-by: Marc Tuduri --- charts/agent-operator/Chart.yaml | 2 +- charts/agent-operator/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 8665b5b7a5..0c38584e11 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.13 +version: 0.3.14 appVersion: "0.39.0" home: https://grafana.com/docs/agent/v0.39/ icon: https://raw.githubusercontent.com/grafana/agent/v0.39.0/docs/sources/assets/logo_and_name.png diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 323cedcb0e..3398af7c25 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.13](https://img.shields.io/badge/Version-0.3.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.0](https://img.shields.io/badge/AppVersion-0.39.0-informational?style=flat-square) +![Version: 0.3.14](https://img.shields.io/badge/Version-0.3.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.0](https://img.shields.io/badge/AppVersion-0.39.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator From 8cd9c9d37e6683eadd1f0cb31454bc6e55c61873 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 10 Jan 2024 23:11:21 +0800 Subject: [PATCH 087/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index b4bda96bc5..a76926f3d0 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.1.0 +version: 7.1.1 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 960bad24bee83c5721b8e4ec56a0818f7fcff244 Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Thu, 11 Jan 2024 03:46:38 +0530 Subject: [PATCH 088/211] Modified Chart.yaml Signed-off-by: Sheikh-Abubaker --- charts/loki-stack/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index c0bcbc96bc..1242feb0c7 100644 --- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v1" name: loki-stack -version: 2.10.0 +version: 2.10.1 appVersion: v2.9.3 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." From 921ab6e085d40697598724cd07b1e99f4509ee8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Magalh=C3=A3es?= <10810709+zehenrique@users.noreply.github.com> Date: Fri, 29 Dec 2023 12:18:16 +0000 Subject: [PATCH 089/211] [loki-distributed] Allow setting labels and annotations in secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Magalhães <10810709+zehenrique@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 2 +- charts/loki-distributed/README.md | 4 +++- charts/loki-distributed/templates/config-secret.yaml | 7 +++++++ charts/loki-distributed/values.yaml | 4 ++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 1e25cdfe7b..2dbd096bd3 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -3,7 +3,7 @@ name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application appVersion: 2.9.2 -version: 0.78.0 +version: 0.78.1 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index e59e7fdf33..dc6525ab62 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.0](https://img.shields.io/badge/Version-0.78.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.78.1](https://img.shields.io/badge/Version-0.78.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode @@ -333,6 +333,8 @@ kubectl delete statefulset RELEASE_NAME-loki-distributed-querier -n LOKI_NAMESPA | loki.command | string | `nil` | Common command override for all pods (except gateway) | | loki.config | string | See values.yaml | Config file contents for Loki | | loki.configAsSecret | bool | `false` | Store the loki configuration as a secret. | +| loki.configSecretAnnotations | object | `{}` | Annotations for the secret with loki configuration. | +| loki.configSecretLabels | object | `{}` | Additional labels for the secret with loki configuration. | | loki.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}` | The SecurityContext for Loki containers | | loki.existingSecretForConfig | string | `""` | Specify an existing secret containing loki configuration. If non-empty, overrides `loki.config` | | loki.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | diff --git a/charts/loki-distributed/templates/config-secret.yaml b/charts/loki-distributed/templates/config-secret.yaml index 24fd2054e6..6551ab34cc 100644 --- a/charts/loki-distributed/templates/config-secret.yaml +++ b/charts/loki-distributed/templates/config-secret.yaml @@ -6,6 +6,13 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "loki.labels" . | nindent 4 }} + {{- with .Values.loki.configSecretLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.loki.configSecretAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} stringData: config.yaml: | {{- tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . | nindent 4 }} diff --git a/charts/loki-distributed/values.yaml b/charts/loki-distributed/values.yaml index ab32c0e87d..0f0bc1624a 100644 --- a/charts/loki-distributed/values.yaml +++ b/charts/loki-distributed/values.yaml @@ -78,6 +78,10 @@ loki: existingSecretForConfig: "" # -- Store the loki configuration as a secret. configAsSecret: false + # -- Annotations for the secret with loki configuration. + configSecretAnnotations: {} + # -- Additional labels for the secret with loki configuration. + configSecretLabels: {} # -- Adds the appProtocol field to the memberlist service. This allows memberlist to work with istio protocol selection. Ex: "http" or "tcp" appProtocol: "" # -- Common annotations for all loki services From 589afb46d1f3f9d01da2a166598705fb0ac03105 Mon Sep 17 00:00:00 2001 From: MH Date: Fri, 12 Jan 2024 10:32:15 +0800 Subject: [PATCH 090/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index b4bda96bc5..1c5b46c51b 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.1.0 +version: 7.2.0 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 71455904e9bdf92ab0a39a01bcb57cda729ad731 Mon Sep 17 00:00:00 2001 From: Marco Pracucci Date: Mon, 15 Jan 2024 11:49:48 +0100 Subject: [PATCH 091/211] [rollout-operator] update for v0.10.1 Signed-off-by: Marco Pracucci --- charts/rollout-operator/Chart.yaml | 4 ++-- charts/rollout-operator/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index e01f3da7cd..fc80d05cd0 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.11.0 -appVersion: v0.9.0 +version: 0.12.0 +appVersion: v0.10.1 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index bd23bf0147..621d133357 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md @@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.0](https://img.shields.io/badge/AppVersion-v0.9.0-informational?style=flat-square) +![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.10.1](https://img.shields.io/badge/AppVersion-v0.10.1-informational?style=flat-square) Grafana rollout-operator From f1cb7703c131a739402aba92a3efd26e60b0e576 Mon Sep 17 00:00:00 2001 From: Andy Asp Date: Mon, 15 Jan 2024 09:56:35 -0500 Subject: [PATCH 092/211] [rollout-operator] update for v0.11.0 Signed-off-by: Andy Asp --- charts/rollout-operator/Chart.yaml | 4 ++-- charts/rollout-operator/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index fc80d05cd0..a46e7ecde9 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.12.0 -appVersion: v0.10.1 +version: 0.13.0 +appVersion: v0.11.0 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index 621d133357..3efeb2f1aa 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md @@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.10.1](https://img.shields.io/badge/AppVersion-v0.10.1-informational?style=flat-square) +![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.11.0](https://img.shields.io/badge/AppVersion-v0.11.0-informational?style=flat-square) Grafana rollout-operator From 824e3da82e5a9aeb09da211f71f86a98f89e64b2 Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Mon, 15 Jan 2024 15:29:40 +0100 Subject: [PATCH 093/211] [loki-distributed]: remove deprecated flag from compactor deployment Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 5 ++++- charts/loki-distributed/README.md.gotmpl | 3 +++ .../templates/compactor/deployment-compactor.yaml | 1 - 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 2dbd096bd3..d4df08f303 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.2 -version: 0.78.1 +appVersion: 2.9.3 +version: 0.79.0 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index dc6525ab62..940da4f4d3 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.1](https://img.shields.io/badge/Version-0.78.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.3](https://img.shields.io/badge/AppVersion-2.9.3-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode @@ -24,6 +24,9 @@ helm repo add grafana https://grafana.github.io/helm-charts Major version upgrades listed here indicate that there is an incompatible breaking change needing manual actions. +### From 0.78.x to 0.79.0 +Removed the hardcoded, deprecated `boltdb.shipper.compactor.working-directory` flag in the Compactor Deployment template, so that it can be set with `.Values.compactor.extraArgs` and the `compactor.working-directory` flag if necessary. + ### From 0.74.x to 0.75.0 The Index Gateway and Query Scheduler now expose the memberlist port 7946. In order to join the member list, you need to specify this in the `structuredConfig`: diff --git a/charts/loki-distributed/README.md.gotmpl b/charts/loki-distributed/README.md.gotmpl index 4c1967c807..23153d19b2 100644 --- a/charts/loki-distributed/README.md.gotmpl +++ b/charts/loki-distributed/README.md.gotmpl @@ -22,6 +22,9 @@ helm repo add grafana https://grafana.github.io/helm-charts Major version upgrades listed here indicate that there is an incompatible breaking change needing manual actions. +### From 0.78.x to 0.79.0 +Removed the hardcoded, deprecated `boltdb.shipper.compactor.working-directory` flag in the Compactor Deployment template, so that it can be set with `.Values.compactor.extraArgs` and the `compactor.working-directory` flag if necessary. + ### From 0.74.x to 0.75.0 The Index Gateway and Query Scheduler now expose the memberlist port 7946. In order to join the member list, you need to specify this in the `structuredConfig`: diff --git a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml index f6b440931c..80601c7725 100644 --- a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml @@ -67,7 +67,6 @@ spec: args: - -config.file=/etc/loki/config/config.yaml - -target=compactor - - -boltdb.shipper.compactor.working-directory=/var/loki/compactor {{- with .Values.compactor.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} From c865e7390ab62463daf82ecd3b234a3dd93b2582 Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Mon, 15 Jan 2024 16:29:25 +0100 Subject: [PATCH 094/211] Allow for tempo dedicated attribute columns to be configured Signed-off-by: Javier Palacios --- charts/tempo-distributed/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 0e16fc70a8..5697955c94 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1251,6 +1251,10 @@ config: | {{- if .Values.storage.trace.block.version }} block: version: {{.Values.storage.trace.block.version}} + {{- if .Values.storage.trace.block.attribute_columns }} + parquet_dedicated_columns: + {{ .Values.storage.trace.block.attribute_columns }} + {{- end }} {{- end }} pool: max_workers: {{ .Values.storage.trace.pool.max_workers }} @@ -1314,6 +1318,8 @@ storage: block: # -- The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ version: null + # -- Rdedicated attribute columns (only for vParquet3 or later) + attribute_columns: [] # -- The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage backend: local # The worker pool is used primarily when finding traces by id, but is also used by other. From 2dc6cbc69c28396f9bb3763effc7b3a284107091 Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Mon, 15 Jan 2024 17:54:22 +0100 Subject: [PATCH 095/211] Update documentation Signed-off-by: Javier Palacios --- charts/tempo-distributed/README.md | 1 + charts/tempo-distributed/values.yaml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index e28f0acd3c..7135c5b8d4 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -728,6 +728,7 @@ The memcached default args are removed and should be provided manually. The sett | serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | | storage.admin.backend | string | `"filesystem"` | The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/enterprise-traces/latest/config/reference/#admin_client_config | | storage.trace.backend | string | `"local"` | The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage | +| storage.trace.block.attribute_columns | list | `[]` | Lis with dedicated attribute columns (only for vParquet3 or later) | | storage.trace.block.version | string | `nil` | The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ | | storage.trace.pool.max_workers | int | `400` | Total number of workers pulling jobs from the queue | | storage.trace.pool.queue_depth | int | `20000` | Length of job queue. imporatant for querier as it queues a job for every block it has to search | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 5697955c94..0051689c46 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1318,7 +1318,7 @@ storage: block: # -- The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ version: null - # -- Rdedicated attribute columns (only for vParquet3 or later) + # -- Lis with dedicated attribute columns (only for vParquet3 or later) attribute_columns: [] # -- The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage backend: local From 8826d46866a1f89323534f5a2eda5561bd3596de Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Mon, 15 Jan 2024 17:55:19 +0100 Subject: [PATCH 096/211] Version bump Signed-off-by: Javier Palacios --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 9b815d1696..a1cc09edd9 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.5 +version: 1.7.6 appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From 690b82a9034d42f57fc585a9ad1f545930be3f6d Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Mon, 15 Jan 2024 17:58:15 +0100 Subject: [PATCH 097/211] Version bump (readme badge) Signed-off-by: Javier Palacios --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 7135c5b8d4..622db1c1bb 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.5](https://img.shields.io/badge/Version-1.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.7.6](https://img.shields.io/badge/Version-1.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 8e90f76629d5ee68bebefffe8c11cac1f52358c2 Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Mon, 15 Jan 2024 18:28:42 +0100 Subject: [PATCH 098/211] Version bump (readme badge II) Signed-off-by: Javier Palacios --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 622db1c1bb..a1462b4030 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.6](https://img.shields.io/badge/Version-1.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.7.6](https://img.shields.io/badge/Version-1.7.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode From da737f8039b70bd436a870d64dec0b60cadfc10c Mon Sep 17 00:00:00 2001 From: junya koyama Date: Tue, 16 Jan 2024 22:27:54 +0900 Subject: [PATCH 099/211] [lgtm-distributed] fix incorrect license annotations. Signed-off-by: junya koyama --- charts/lgtm-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/lgtm-distributed/Chart.yaml b/charts/lgtm-distributed/Chart.yaml index 2869ffd7d6..04cf805e07 100644 --- a/charts/lgtm-distributed/Chart.yaml +++ b/charts/lgtm-distributed/Chart.yaml @@ -23,7 +23,7 @@ keywords: - logs annotations: - "artifacthub.io/license": AGPL-3.0-only + "artifacthub.io/license": Apache-2.0 "artifacthub.io/links": | - name: Chart Source url: https://github.com/grafana/helm-charts From 1e0014dc7e1becd1b6f9c40b7a9e1b3bf1c55504 Mon Sep 17 00:00:00 2001 From: junya koyama Date: Tue, 16 Jan 2024 22:32:39 +0900 Subject: [PATCH 100/211] [grafana] fix Chart.yaml - fix incorrect license #2882 Signed-off-by: junya koyama --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 0069f17158..7b045e6e35 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.2.1 +version: 7.2.2 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. @@ -10,7 +10,7 @@ sources: - https://github.com/grafana/grafana - https://github.com/grafana/helm-charts annotations: - "artifacthub.io/license": AGPL-3.0-only + "artifacthub.io/license": Apache-2.0 "artifacthub.io/links": | - name: Chart Source url: https://github.com/grafana/helm-charts From 951628587b03de96c8478b418f2ade9dff973fca Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Tue, 16 Jan 2024 20:55:52 +0100 Subject: [PATCH 101/211] Change variable name Signed-off-by: Javier Palacios --- charts/tempo-distributed/README.md | 2 +- charts/tempo-distributed/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index a1462b4030..3cd8818412 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -728,7 +728,7 @@ The memcached default args are removed and should be provided manually. The sett | serviceAccount.name | string | `nil` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | | storage.admin.backend | string | `"filesystem"` | The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/enterprise-traces/latest/config/reference/#admin_client_config | | storage.trace.backend | string | `"local"` | The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage | -| storage.trace.block.attribute_columns | list | `[]` | Lis with dedicated attribute columns (only for vParquet3 or later) | +| storage.trace.block.dedicated_columns | list | `[]` | Lis with dedicated attribute columns (only for vParquet3 or later) | | storage.trace.block.version | string | `nil` | The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ | | storage.trace.pool.max_workers | int | `400` | Total number of workers pulling jobs from the queue | | storage.trace.pool.queue_depth | int | `20000` | Length of job queue. imporatant for querier as it queues a job for every block it has to search | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 0051689c46..ae082dc148 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1251,9 +1251,9 @@ config: | {{- if .Values.storage.trace.block.version }} block: version: {{.Values.storage.trace.block.version}} - {{- if .Values.storage.trace.block.attribute_columns }} + {{- if .Values.storage.trace.block.dedicated_columns}} parquet_dedicated_columns: - {{ .Values.storage.trace.block.attribute_columns }} + {{ .Values.storage.trace.block.dedicated_columns}} {{- end }} {{- end }} pool: @@ -1319,7 +1319,7 @@ storage: # -- The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ version: null # -- Lis with dedicated attribute columns (only for vParquet3 or later) - attribute_columns: [] + dedicated_columns: [] # -- The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage backend: local # The worker pool is used primarily when finding traces by id, but is also used by other. From f20ef7ffe45f88affc6a4db330f20302e4dd1840 Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:40:48 +0100 Subject: [PATCH 102/211] [loki-distributed] add compactor working_directory value Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/loki-distributed/values.yaml b/charts/loki-distributed/values.yaml index 0f0bc1624a..15e9343e84 100644 --- a/charts/loki-distributed/values.yaml +++ b/charts/loki-distributed/values.yaml @@ -212,6 +212,7 @@ loki: compactor: shared_store: filesystem + working_directory: /var/loki/compactor ruler: storage: From 8897fa07a8822f43f5209a41ec20d7edf406c253 Mon Sep 17 00:00:00 2001 From: Brendan Dalpe Date: Sun, 14 Jan 2024 17:17:14 -0600 Subject: [PATCH 103/211] Don't fail validation if a variable expansion operator is found. Fixes #2899 Signed-off-by: Brendan Dalpe --- charts/grafana/templates/_helpers.tpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index 44c00f3570..dffb2cdffd 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -263,7 +263,9 @@ sensitiveKeys: {{- range $index, $elem := $secret.path -}} {{- if and $shouldContinue (hasKey $currentMap $elem) -}} {{- if eq (len $secret.path) (add1 $index) -}} - {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} + {{- if not (regexMatch "\\$(?:__(?:env|file|value))?{[^}]+}" (index $currentMap $elem)) -}} + {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} + {{- end -}} {{- else -}} {{- $currentMap = index $currentMap $elem -}} {{- end -}} From eae1303b81f6cdaa4a8bd3703da8326c46febc50 Mon Sep 17 00:00:00 2001 From: MH Date: Mon, 15 Jan 2024 19:08:16 +0800 Subject: [PATCH 104/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 0069f17158..f291cf68bd 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.2.1 +version: 7.2.2 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From d7c3c83c70c4e85b7824feacb12fa10de8242381 Mon Sep 17 00:00:00 2001 From: Brendan Dalpe Date: Tue, 16 Jan 2024 08:55:25 -0600 Subject: [PATCH 105/211] Typo s/value/vault/ Signed-off-by: Brendan Dalpe --- charts/grafana/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index dffb2cdffd..6a59d372b2 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -263,7 +263,7 @@ sensitiveKeys: {{- range $index, $elem := $secret.path -}} {{- if and $shouldContinue (hasKey $currentMap $elem) -}} {{- if eq (len $secret.path) (add1 $index) -}} - {{- if not (regexMatch "\\$(?:__(?:env|file|value))?{[^}]+}" (index $currentMap $elem)) -}} + {{- if not (regexMatch "\\$(?:__(?:env|file|vault))?{[^}]+}" (index $currentMap $elem)) -}} {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} {{- end -}} {{- else -}} From 0212c408899a9314320674f1ed5385b616d86507 Mon Sep 17 00:00:00 2001 From: Brendan Dalpe Date: Tue, 16 Jan 2024 09:05:24 -0600 Subject: [PATCH 106/211] Add a help message Signed-off-by: Brendan Dalpe --- charts/grafana/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index 6a59d372b2..790d5a293a 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -264,7 +264,7 @@ sensitiveKeys: {{- if and $shouldContinue (hasKey $currentMap $elem) -}} {{- if eq (len $secret.path) (add1 $index) -}} {{- if not (regexMatch "\\$(?:__(?:env|file|vault))?{[^}]+}" (index $currentMap $elem)) -}} - {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead." (join "." $secret.path)) -}} + {{- fail (printf "Sensitive key '%s' should not be defined explicitly in values. Use variable expansion instead. You can disable this client-side validation by changing the value of assertNoLeakedSecrets." (join "." $secret.path)) -}} {{- end -}} {{- else -}} {{- $currentMap = index $currentMap $elem -}} From 73d1481c99953d0304dd8dd1c2a70f24985de479 Mon Sep 17 00:00:00 2001 From: Zach Leslie Date: Thu, 18 Jan 2024 17:17:51 +0000 Subject: [PATCH 107/211] [tempo-distributed] update default memcached image to 1.6.23 for multiple CVEs Signed-off-by: Zach Leslie --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 4 ++-- charts/tempo-distributed/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index a1cc09edd9..3bc746d689 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.6 +version: 1.8.0 appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 3cd8818412..d4a202c2a2 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.6](https://img.shields.io/badge/Version-1.7.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -510,7 +510,7 @@ The memcached default args are removed and should be provided manually. The sett | memcached.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `global.image.pullSecrets` | | memcached.image.registry | string | `nil` | The Docker registry for the Memcached image. Overrides `global.image.registry` | | memcached.image.repository | string | `"memcached"` | Memcached Docker image repository | -| memcached.image.tag | string | `"1.5.17-alpine"` | Memcached Docker image tag | +| memcached.image.tag | string | `"1.6.23-alpine"` | Memcached Docker image tag | | memcached.podAnnotations | object | `{}` | Annotations for memcached pods | | memcached.podLabels | object | `{}` | Labels for memcached pods | | memcached.replicas | int | `1` | | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index ae082dc148..faf845caf6 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1356,7 +1356,7 @@ memcached: # -- Memcached Docker image repository repository: memcached # -- Memcached Docker image tag - tag: 1.5.17-alpine + tag: 1.6.23-alpine # -- Memcached Docker image pull policy pullPolicy: IfNotPresent host: memcached From e293eabc93567de4484694698561314a2dd2ca74 Mon Sep 17 00:00:00 2001 From: Yves Galante Date: Tue, 16 Jan 2024 15:08:19 +0100 Subject: [PATCH 108/211] feat(grafana): Allow to customize empty dir Signed-off-by: Yves Galante --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/_pod.tpl | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index f291cf68bd..1eaa40b3a6 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.2.2 +version: 7.2.3 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index c91d22f978..65276ab58a 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -1273,6 +1273,9 @@ volumes: {{- else if .configMap }} configMap: {{- toYaml .configMap | nindent 6 }} + {{- else if .emptyDir }} + emptyDir: + {{- toYaml .emptyDir | nindent 6 }} {{- else }} emptyDir: {} {{- end }} From a97476e7eed85e980a3d3ade677bc3ab681b1121 Mon Sep 17 00:00:00 2001 From: Marc Tuduri Date: Fri, 19 Jan 2024 17:46:01 +0100 Subject: [PATCH 109/211] [agent-operator] v0.39.1 Signed-off-by: Marc Tuduri --- charts/agent-operator/Chart.yaml | 8 ++++---- charts/agent-operator/README.md | 6 +++--- charts/agent-operator/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 0c38584e11..89f5353632 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.14 -appVersion: "0.39.0" +version: 0.3.15 +appVersion: "0.39.1" home: https://grafana.com/docs/agent/v0.39/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.39.0/docs/sources/assets/logo_and_name.png +icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.39.0/pkg/operator + - https://github.com/grafana/agent/tree/v0.39.1/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 3398af7c25..9a321ce611 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.14](https://img.shields.io/badge/Version-0.3.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.0](https://img.shields.io/badge/AppVersion-0.39.0-informational?style=flat-square) +![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.1](https://img.shields.io/badge/AppVersion-0.39.1-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.39.0"` | Image tag | +| image.tag | string | `"v0.39.1"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 0d0c491dee..4df2427768 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.39.0 + tag: v0.39.1 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 5f9d9d251745756699dde961fec83b4a1c2c7d7b Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Sat, 20 Jan 2024 11:34:55 +0100 Subject: [PATCH 110/211] Fix rendering for parquet dedicated columns value Signed-off-by: Javier Palacios --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- charts/tempo-distributed/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 3bc746d689..95b56b5943 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.8.0 +version: 1.8.1 appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index d4a202c2a2..d64b11cdb2 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index faf845caf6..d24eab1b12 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1253,7 +1253,7 @@ config: | version: {{.Values.storage.trace.block.version}} {{- if .Values.storage.trace.block.dedicated_columns}} parquet_dedicated_columns: - {{ .Values.storage.trace.block.dedicated_columns}} + {{ .Values.storage.trace.block.dedicated_columns | toYaml | nindent 8}} {{- end }} {{- end }} pool: From 3aef971887ed25d43e0f437f6fe07d3487676a04 Mon Sep 17 00:00:00 2001 From: Javier Palacios Date: Sat, 20 Jan 2024 12:02:34 +0100 Subject: [PATCH 111/211] Add basic test for parquet dedicated columns Signed-off-by: Javier Palacios --- .../ci/parquet-dedicated-columns.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 charts/tempo-distributed/ci/parquet-dedicated-columns.yaml diff --git a/charts/tempo-distributed/ci/parquet-dedicated-columns.yaml b/charts/tempo-distributed/ci/parquet-dedicated-columns.yaml new file mode 100644 index 0000000000..5878f37f0c --- /dev/null +++ b/charts/tempo-distributed/ci/parquet-dedicated-columns.yaml @@ -0,0 +1,11 @@ +storage: + trace: + block: + version: vParquet3 + dedicated_columns: + - name: cluster + type: string + scope: resource + - name: service.name + type: string + scope: resource From f10c1a9dc80da6370ce5f0c02831405857d318f2 Mon Sep 17 00:00:00 2001 From: Brent Villanueva Date: Tue, 23 Jan 2024 11:49:36 +0900 Subject: [PATCH 112/211] Update values.yaml Signed-off-by: Brent Villanueva --- charts/tempo-distributed/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index faf845caf6..cc6e87c984 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -692,6 +692,9 @@ queryFrontend: config: # -- Number of times to retry a request sent to a querier max_retries: 2 + + # -- Maximum number of outstanding requests per tenant per frontend; requests beyond this error with HTTP 429. + max_outstanding_per_tenant: 2000 search: # -- The number of concurrent jobs to execute when searching the backend concurrent_jobs: 1000 @@ -1190,6 +1193,7 @@ config: | {{- end }} max_concurrent_queries: {{ .Values.querier.config.max_concurrent_queries }} query_frontend: + max_outstanding_per_tenant: {{ .Values.queryFrontend.config.max_outstanding_per_tenant }} max_retries: {{ .Values.queryFrontend.config.max_retries }} search: target_bytes_per_job: {{ .Values.queryFrontend.config.search.target_bytes_per_job }} From fba2ed27c3ff5e7eaaf633cf2103413605d7b412 Mon Sep 17 00:00:00 2001 From: Brent Villanueva Date: Tue, 23 Jan 2024 12:00:26 +0900 Subject: [PATCH 113/211] remove space Signed-off-by: Brent Villanueva --- charts/tempo-distributed/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index cc6e87c984..4492d6aae7 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -692,7 +692,6 @@ queryFrontend: config: # -- Number of times to retry a request sent to a querier max_retries: 2 - # -- Maximum number of outstanding requests per tenant per frontend; requests beyond this error with HTTP 429. max_outstanding_per_tenant: 2000 search: From afc3b5d1bb689bb9cf3bc14fbf06d707d6957fcf Mon Sep 17 00:00:00 2001 From: Brent Villanueva Date: Tue, 23 Jan 2024 12:04:45 +0900 Subject: [PATCH 114/211] reverse the order Signed-off-by: Brent Villanueva --- charts/tempo-distributed/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 4492d6aae7..a9002202a0 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1192,8 +1192,8 @@ config: | {{- end }} max_concurrent_queries: {{ .Values.querier.config.max_concurrent_queries }} query_frontend: - max_outstanding_per_tenant: {{ .Values.queryFrontend.config.max_outstanding_per_tenant }} max_retries: {{ .Values.queryFrontend.config.max_retries }} + max_outstanding_per_tenant: {{ .Values.queryFrontend.config.max_outstanding_per_tenant }} search: target_bytes_per_job: {{ .Values.queryFrontend.config.search.target_bytes_per_job }} concurrent_jobs: {{ .Values.queryFrontend.config.search.concurrent_jobs }} From b3854e42d6ed4681f54bc5f953f9e6762fde33f9 Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Tue, 23 Jan 2024 12:06:19 -0800 Subject: [PATCH 115/211] [tempo-distributed] Update GET to v2.3.2. Updated due to patch GET release to address [CVE-2023-5363](https://github.com/advisories/GHSA-xw78-pcr6-wrg8). Signed-off-by: Heds Simons --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 4 ++-- charts/tempo-distributed/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 3bc746d689..95b56b5943 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.8.0 +version: 1.8.1 appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index d4a202c2a2..c24cee9453 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -315,7 +315,7 @@ The memcached default args are removed and should be provided manually. The sett | distributor.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for distributor pods. Passed through `tpl` and, thus, to be configured as string | | enterprise.enabled | bool | `false` | | | enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' | -| enterprise.image.tag | string | `"v2.3.1"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | +| enterprise.image.tag | string | `"v2.3.2"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | | enterpriseFederationFrontend.affinity | string | Hard node and soft zone anti-affinity | Affinity for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string | | enterpriseFederationFrontend.autoscaling.enabled | bool | `false` | Enable autoscaling for the federation-frontend | | enterpriseFederationFrontend.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the federation-frontend | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index faf845caf6..f7ac63fb29 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1851,7 +1851,7 @@ enterprise: # -- Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' repository: grafana/enterprise-traces # -- Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' - tag: v2.3.1 + tag: v2.3.2 # Note: pullPolicy and optional pullSecrets are set in toplevel 'image' section, not here # In order to use Grafana Enterprise Traces features, you will need to provide the contents of your Grafana Enterprise Traces From c328c79b8a9c8afa7b4fcdcc7813b90bf2faa089 Mon Sep 17 00:00:00 2001 From: Venkata Mutyala Date: Wed, 13 Dec 2023 03:19:45 +0000 Subject: [PATCH 116/211] [promtail] bump promtail version to 2.9.3 Signed-off-by: Venkata Mutyala --- charts/promtail/Chart.yaml | 4 ++-- charts/promtail/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/promtail/Chart.yaml b/charts/promtail/Chart.yaml index 555eb23705..0bab675544 100644 --- a/charts/promtail/Chart.yaml +++ b/charts/promtail/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: promtail description: Promtail is an agent which ships the contents of local logs to a Loki instance type: application -appVersion: 2.9.2 -version: 6.15.3 +appVersion: 2.9.3 +version: 6.15.4 home: https://grafana.com/loki sources: - https://github.com/grafana/loki diff --git a/charts/promtail/README.md b/charts/promtail/README.md index 03799f9463..07be76d827 100644 --- a/charts/promtail/README.md +++ b/charts/promtail/README.md @@ -1,6 +1,6 @@ # promtail -![Version: 6.15.3](https://img.shields.io/badge/Version-6.15.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 6.15.4](https://img.shields.io/badge/Version-6.15.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.3](https://img.shields.io/badge/AppVersion-2.9.3-informational?style=flat-square) Promtail is an agent which ships the contents of local logs to a Loki instance From d0cb5673dec83fa14a3879796c40f55f5e41eb63 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 24 Jan 2024 22:23:17 +0800 Subject: [PATCH 117/211] Update Chart.yaml Signed-off-by: MH --- charts/loki-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 2dbd096bd3..47bfe79b77 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -3,7 +3,7 @@ name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application appVersion: 2.9.2 -version: 0.78.1 +version: 0.78.2 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki From d2fe4339b95efb0c5de79e1a1e0b1fa86ffa5b15 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 24 Jan 2024 22:25:50 +0800 Subject: [PATCH 118/211] Update README.md Signed-off-by: MH --- charts/loki-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index dc6525ab62..437b97f00d 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.1](https://img.shields.io/badge/Version-0.78.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.78.2](https://img.shields.io/badge/Version-0.78.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 0613c177f50634f5b140b8382589c7c11855250c Mon Sep 17 00:00:00 2001 From: Mario Steinhoff Date: Wed, 24 Jan 2024 20:10:32 +0100 Subject: [PATCH 119/211] [grafana] Allow prefix field in envFrom entries Signed-off-by: Mario Steinhoff --- charts/grafana/templates/_pod.tpl | 6 ++++++ charts/grafana/values.yaml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index 65276ab58a..80fb466097 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -1084,11 +1084,17 @@ containers: - secretRef: name: {{ tpl .name $ }} optional: {{ .optional | default false }} + {{- if .prefix }} + prefix: {{ tpl .prefix $ }} + {{- end }} {{- end }} {{- range .Values.envFromConfigMaps }} - configMapRef: name: {{ tpl .name $ }} optional: {{ .optional | default false }} + {{- if .prefix }} + prefix: {{ tpl .prefix $ }} + {{- end }} {{- end }} {{- end }} {{- with .Values.livenessProbe }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 3e18f7dc74..ab853e09c7 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -490,6 +490,7 @@ envRenderSecret: {} ## Name is templated. envFromSecrets: [] ## - name: secret-name +## prefix: prefix ## optional: true ## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment @@ -498,6 +499,7 @@ envFromSecrets: [] ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core envFromConfigMaps: [] ## - name: configmap-name +## prefix: prefix ## optional: true # Inject Kubernetes services as environment variables. From da08b0428c2a206ee010b33985602e765b710ba8 Mon Sep 17 00:00:00 2001 From: Mario Steinhoff Date: Thu, 25 Jan 2024 12:11:20 +0100 Subject: [PATCH 120/211] [grafana] bump chart minor version Signed-off-by: Mario Steinhoff --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 08b63b5459..2132da2432 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.2.4 +version: 7.2.5 appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 86cded443e983ac793bbcff36a7440a2b6a48115 Mon Sep 17 00:00:00 2001 From: Nazim Isik Date: Thu, 25 Jan 2024 15:17:27 +0300 Subject: [PATCH 121/211] Update Chart.yaml version update to 10.3.1 Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 08b63b5459..8ace3fc2b7 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.2.4 -appVersion: 10.2.3 +version: 7.2.5 +appVersion: 10.3.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From 0c39d1d1db82c7498c1f762dadad161c13efe5cc Mon Sep 17 00:00:00 2001 From: Nazim Isik Date: Mon, 29 Jan 2024 09:28:03 +0300 Subject: [PATCH 122/211] chart version update Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 8ace3fc2b7..f5f9f94173 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.2.5 +version: 7.2.6 appVersion: 10.3.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From bd1716604050331c5eef929b5424a6aba5699d2b Mon Sep 17 00:00:00 2001 From: Nazim Can Isik Date: Mon, 29 Jan 2024 09:37:10 +0300 Subject: [PATCH 123/211] main version Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index f5f9f94173..71b14b0902 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.2.6 -appVersion: 10.3.1 +version: 7.2.5 +appVersion: 10.2.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com @@ -30,4 +30,4 @@ maintainers: type: application keywords: - monitoring - - metric + - metric \ No newline at end of file From 6e1315ddca88f7b5491ef6ea03d389af146881b6 Mon Sep 17 00:00:00 2001 From: Mario Steinhoff Date: Wed, 24 Jan 2024 20:10:32 +0100 Subject: [PATCH 124/211] [grafana] Allow prefix field in envFrom entries Signed-off-by: Mario Steinhoff Signed-off-by: Nazim Can Isik --- charts/grafana/templates/_pod.tpl | 6 ++++++ charts/grafana/values.yaml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index 65276ab58a..80fb466097 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -1084,11 +1084,17 @@ containers: - secretRef: name: {{ tpl .name $ }} optional: {{ .optional | default false }} + {{- if .prefix }} + prefix: {{ tpl .prefix $ }} + {{- end }} {{- end }} {{- range .Values.envFromConfigMaps }} - configMapRef: name: {{ tpl .name $ }} optional: {{ .optional | default false }} + {{- if .prefix }} + prefix: {{ tpl .prefix $ }} + {{- end }} {{- end }} {{- end }} {{- with .Values.livenessProbe }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 3e18f7dc74..ab853e09c7 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -490,6 +490,7 @@ envRenderSecret: {} ## Name is templated. envFromSecrets: [] ## - name: secret-name +## prefix: prefix ## optional: true ## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment @@ -498,6 +499,7 @@ envFromSecrets: [] ## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core envFromConfigMaps: [] ## - name: configmap-name +## prefix: prefix ## optional: true # Inject Kubernetes services as environment variables. From e33010f13ef1ec8dbe2471918450bc9990239340 Mon Sep 17 00:00:00 2001 From: Nazim Isik Date: Mon, 29 Jan 2024 09:40:13 +0300 Subject: [PATCH 125/211] version 10.3.1 Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 71b14b0902..1eed635355 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.2.5 -appVersion: 10.2.3 +version: 7.2.6 +appVersion: 10.3.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From f5bdfa0c5df03ddb874c28683fd84ea26857252c Mon Sep 17 00:00:00 2001 From: Nazim Isik Date: Thu, 25 Jan 2024 15:17:27 +0300 Subject: [PATCH 126/211] Update Chart.yaml version update to 10.3.1 Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 2132da2432..2f18b27e00 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,11 @@ apiVersion: v2 name: grafana version: 7.2.5 +<<<<<<< HEAD appVersion: 10.2.3 +======= +appVersion: 10.3.1 +>>>>>>> 86cded44 (Update Chart.yaml) kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From dbc90823d1fe1f37ecc76fc978f204fa8e2549c8 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Mon, 29 Jan 2024 16:03:29 +0100 Subject: [PATCH 127/211] Update Loki to version 2.9.4 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 47bfe79b77..4535797966 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.2 -version: 0.78.2 +appVersion: 2.9.4 +version: 0.78.3 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 437b97f00d..d9fbdd1d1e 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.2](https://img.shields.io/badge/Version-0.78.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.78.3](https://img.shields.io/badge/Version-0.78.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From e5e85f82c6935bbf44a9166a28bd023747238182 Mon Sep 17 00:00:00 2001 From: Nazim Isik Date: Tue, 30 Jan 2024 06:16:06 +0000 Subject: [PATCH 128/211] new line added Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 1eed635355..3fc390ae63 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -30,4 +30,5 @@ maintainers: type: application keywords: - monitoring - - metric \ No newline at end of file + - metric + \ No newline at end of file From 36e9624959343e32f64197a47137e4e60ff3031a Mon Sep 17 00:00:00 2001 From: Nazim Isik Date: Tue, 30 Jan 2024 07:08:31 +0000 Subject: [PATCH 129/211] remove space Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 3fc390ae63..f5f9f94173 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -31,4 +31,3 @@ type: application keywords: - monitoring - metric - \ No newline at end of file From 94d970e9ebb953563c24b916cb3eeb2e6a452f3a Mon Sep 17 00:00:00 2001 From: Nazim Isik Date: Tue, 30 Jan 2024 13:25:08 +0300 Subject: [PATCH 130/211] bump the minor version Signed-off-by: Nazim Can Isik --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index f5f9f94173..c027fc1ade 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.2.6 +version: 7.3.0 appVersion: 10.3.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From eb1f69b45584726e1cc883ef5f3a060f74cfc834 Mon Sep 17 00:00:00 2001 From: Brent Villanueva Date: Wed, 31 Jan 2024 11:25:15 +0900 Subject: [PATCH 131/211] add doc Signed-off-by: Brent Villanueva --- charts/tempo-distributed/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index d4a202c2a2..f76163e0c7 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -662,6 +662,7 @@ The memcached default args are removed and should be provided manually. The sett | queryFrontend.autoscaling.targetCPUUtilizationPercentage | int | `60` | Target CPU utilisation percentage for the query-frontend | | queryFrontend.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target memory utilisation percentage for the query-frontend | | queryFrontend.config.max_retries | int | `2` | Number of times to retry a request sent to a querier | +| queryFrontend.config.max_outstanding_per_tenant | int | `2000` | Maximum number of outstanding requests per tenant per frontend; requests beyond this error with HTTP 429. | | queryFrontend.config.search.concurrent_jobs | int | `1000` | The number of concurrent jobs to execute when searching the backend | | queryFrontend.config.search.target_bytes_per_job | int | `104857600` | The target number of bytes for each job to handle when performing a backend search | | queryFrontend.config.trace_by_id | object | `{"hedge_requests_at":"2s","hedge_requests_up_to":2,"query_shards":50}` | Trace by ID lookup configuration | From 438bf586a6b97bbb3ea4b81a34b0159810ffa2ab Mon Sep 17 00:00:00 2001 From: Brent Villanueva Date: Wed, 31 Jan 2024 11:32:56 +0900 Subject: [PATCH 132/211] bump version Signed-off-by: Brent Villanueva --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 3bc746d689..97d9d2b5fd 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.8.0 +version: 1.8.3 appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index f76163e0c7..df1471c60c 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.8.3](https://img.shields.io/badge/Version-1.8.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 669c95c1ec9acb40af5d0bfc8aadcd309c6c193f Mon Sep 17 00:00:00 2001 From: Brent Villanueva Date: Thu, 1 Feb 2024 16:41:17 +0900 Subject: [PATCH 133/211] ran helm-docs Signed-off-by: Brent Villanueva --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index df1471c60c..5c36890382 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -661,8 +661,8 @@ The memcached default args are removed and should be provided manually. The sett | queryFrontend.autoscaling.minReplicas | int | `1` | Minimum autoscaling replicas for the query-frontend | | queryFrontend.autoscaling.targetCPUUtilizationPercentage | int | `60` | Target CPU utilisation percentage for the query-frontend | | queryFrontend.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target memory utilisation percentage for the query-frontend | -| queryFrontend.config.max_retries | int | `2` | Number of times to retry a request sent to a querier | | queryFrontend.config.max_outstanding_per_tenant | int | `2000` | Maximum number of outstanding requests per tenant per frontend; requests beyond this error with HTTP 429. | +| queryFrontend.config.max_retries | int | `2` | Number of times to retry a request sent to a querier | | queryFrontend.config.search.concurrent_jobs | int | `1000` | The number of concurrent jobs to execute when searching the backend | | queryFrontend.config.search.target_bytes_per_job | int | `104857600` | The target number of bytes for each job to handle when performing a backend search | | queryFrontend.config.trace_by_id | object | `{"hedge_requests_at":"2s","hedge_requests_up_to":2,"query_shards":50}` | Trace by ID lookup configuration | From 5988b4743d2e16c75554d411d14c8141d3b800ea Mon Sep 17 00:00:00 2001 From: Brent Villanueva Date: Thu, 1 Feb 2024 16:43:53 +0900 Subject: [PATCH 134/211] alphabetical order on config Signed-off-by: Brent Villanueva --- charts/tempo-distributed/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index a9002202a0..72fe8868c2 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -690,10 +690,10 @@ queryFrontend: # hostnames: # - domain.tld config: - # -- Number of times to retry a request sent to a querier - max_retries: 2 # -- Maximum number of outstanding requests per tenant per frontend; requests beyond this error with HTTP 429. max_outstanding_per_tenant: 2000 + # -- Number of times to retry a request sent to a querier + max_retries: 2 search: # -- The number of concurrent jobs to execute when searching the backend concurrent_jobs: 1000 @@ -1192,8 +1192,8 @@ config: | {{- end }} max_concurrent_queries: {{ .Values.querier.config.max_concurrent_queries }} query_frontend: - max_retries: {{ .Values.queryFrontend.config.max_retries }} max_outstanding_per_tenant: {{ .Values.queryFrontend.config.max_outstanding_per_tenant }} + max_retries: {{ .Values.queryFrontend.config.max_retries }} search: target_bytes_per_job: {{ .Values.queryFrontend.config.search.target_bytes_per_job }} concurrent_jobs: {{ .Values.queryFrontend.config.search.concurrent_jobs }} From 14948abc94e81c1fd635782a03ffb9529ed67a53 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Wed, 14 Feb 2024 08:37:18 +0100 Subject: [PATCH 135/211] Update Grafana to version 10.3.3 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index c027fc1ade..557a0f3062 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.3.0 -appVersion: 10.3.1 +version: 7.3.1 +appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From e6b6d7dade965d43f51e846075540354b68cc80c Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Thu, 15 Feb 2024 19:01:07 +0530 Subject: [PATCH 136/211] autoMount set to false in values.yaml Signed-off-by: Sheikh-Abubaker --- charts/grafana/Chart.yaml | 2 +- charts/grafana/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index c027fc1ade..922f932ca3 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.0 +version: 7.3.1 appVersion: 10.3.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab853e09c7..c39ea874ce 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -41,7 +41,7 @@ serviceAccount: ## Service account annotations. Can be templated. # annotations: # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - autoMount: true + autoMount: false replicas: 1 From 5b5c4895003308409ccc87dd5db03ddb9e488f9c Mon Sep 17 00:00:00 2001 From: dbluxo <20679842+dbluxo@users.noreply.github.com> Date: Fri, 16 Feb 2024 14:08:16 +0100 Subject: [PATCH 137/211] feat: add possibility to set resources for the testframework container Signed-off-by: dbluxo <20679842+dbluxo@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/tests/test.yaml | 4 ++++ charts/grafana/values.yaml | 7 +++++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index c027fc1ade..922f932ca3 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.0 +version: 7.3.1 appVersion: 10.3.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/tests/test.yaml b/charts/grafana/templates/tests/test.yaml index 15067ae307..9e88afcfa0 100644 --- a/charts/grafana/templates/tests/test.yaml +++ b/charts/grafana/templates/tests/test.yaml @@ -41,6 +41,10 @@ spec: - mountPath: /tests name: tests readOnly: true + {{- with .Values.testFramework.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: tests configMap: diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab853e09c7..cc6e9aec78 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -115,6 +115,13 @@ testFramework: tag: "v1.4.1" imagePullPolicy: IfNotPresent securityContext: {} + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi # dns configuration for pod dnsPolicy: ~ From 2972b1d302b91ce56a223c8ebfb1f74600217d6c Mon Sep 17 00:00:00 2001 From: chesha1 Date: Fri, 23 Feb 2024 13:06:15 +0800 Subject: [PATCH 138/211] [loki-stack] update grafana image tag Signed-off-by: chesha1 --- charts/loki-stack/Chart.yaml | 2 +- charts/loki-stack/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index 1242feb0c7..9d66f01143 100644 --- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v1" name: loki-stack -version: 2.10.1 +version: 2.10.2 appVersion: v2.9.3 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." diff --git a/charts/loki-stack/values.yaml b/charts/loki-stack/values.yaml index 59c1e300b5..83ed6f016c 100644 --- a/charts/loki-stack/values.yaml +++ b/charts/loki-stack/values.yaml @@ -42,7 +42,7 @@ grafana: enabled: true maxLines: 1000 image: - tag: 8.3.5 + tag: 10.3.3 prometheus: enabled: false From 70e2dec1fab40435d6c47641c7f7c253e85af67f Mon Sep 17 00:00:00 2001 From: Marco Pracucci Date: Mon, 26 Feb 2024 09:28:37 +0100 Subject: [PATCH 139/211] update for v0.13.0 Signed-off-by: Marco Pracucci --- charts/rollout-operator/Chart.yaml | 4 ++-- charts/rollout-operator/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index a46e7ecde9..acff27d8ad 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.13.0 -appVersion: v0.11.0 +version: 0.14.0 +appVersion: v0.13.0 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index 3efeb2f1aa..f0de8efaa4 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md @@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.11.0](https://img.shields.io/badge/AppVersion-v0.11.0-informational?style=flat-square) +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0](https://img.shields.io/badge/AppVersion-v0.13.0-informational?style=flat-square) Grafana rollout-operator From 4389e01ec0aee87076d358badcdef1635a729eeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 26 Feb 2024 13:17:24 +0100 Subject: [PATCH 140/211] Separately configure automountServiceAccountToken MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/_pod.tpl | 2 +- charts/grafana/values.yaml | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 64043bb3a8..58b806fd97 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.2 +version: 7.3.3 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index 80fb466097..ed22993c96 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -5,7 +5,7 @@ schedulerName: "{{ . }}" {{- end }} serviceAccountName: {{ include "grafana.serviceAccountName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} +automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 2 }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index c39ea874ce..520e10991b 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -48,6 +48,9 @@ replicas: 1 ## Create a headless service for the deployment headlessService: false +## Should the service account be auto mounted on the pod +automountServiceAccountToken: true + ## Create HorizontalPodAutoscaler object for deployment type # autoscaling: From 379a3939cca6b87f63128841effef35a9f392a9a Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Mon, 26 Feb 2024 15:05:37 +0100 Subject: [PATCH 141/211] [loki-distributed]: remove deprecated flag from compactor deployment Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 2 +- charts/loki-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index fa3adfb835..02bde88422 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.5 +appVersion: 2.9.4 version: 0.79.0 home: https://grafana.github.io/helm-charts sources: diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index e37f698aa3..f51f6e671f 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square) +![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 2d91f08fd22ffd91f32081f0af8c72b8d5187e6d Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:23:29 +0100 Subject: [PATCH 142/211] [agent-operator] update helm chart for v0.40 Signed-off-by: jcreixell --- charts/agent-operator/Chart.yaml | 10 +- charts/agent-operator/README.md | 6 +- .../monitoring.coreos.com_podmonitors.yaml | 255 - .../crds/monitoring.coreos.com_probes.yaml | 264 -- ...monitoring.coreos.com_servicemonitors.yaml | 273 -- .../monitoring.grafana.com_grafanaagents.yaml | 4084 ----------------- .../monitoring.grafana.com_integrations.yaml | 928 ---- .../monitoring.grafana.com_logsinstances.yaml | 201 - ...nitoring.grafana.com_metricsinstances.yaml | 366 -- .../crds/monitoring.grafana.com_podlogs.yaml | 280 -- charts/agent-operator/values.yaml | 2 +- 11 files changed, 9 insertions(+), 6660 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 89f5353632..ed134809be 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.15 -appVersion: "0.39.1" -home: https://grafana.com/docs/agent/v0.39/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png +version: 0.3.16 +appVersion: "0.40.0" +home: https://grafana.com/docs/agent/v0.40/ +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.39.1/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.0/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 9a321ce611..befe252886 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.1](https://img.shields.io/badge/AppVersion-0.39.1-informational?style=flat-square) +![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.39.1"` | Image tag | +| image.tag | string | `"v0.40.0"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml index 3e1fae0fc5..153677bb17 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml @@ -22,140 +22,81 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.35.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object jobLabel: - description: The label to use to retrieve the job name from. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. items: - description: PodMetricsEndpoint defines a scrapeable endpoint of - a Kubernetes Pod serving Prometheus metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -163,64 +104,35 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - pod monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -246,85 +158,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -332,19 +205,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -353,15 +219,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -374,37 +237,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -430,104 +274,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: 'Deprecated: Use ''port'' instead.' x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -535,43 +334,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -579,71 +361,41 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Pod objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -655,17 +407,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml index 7ece55d2ac..13fc36f9aa 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml @@ -22,91 +22,53 @@ spec: - name: v1 schema: openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Ingress selection for target discovery - by Prometheus. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of - the request properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic - authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -114,62 +76,36 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. - The secret needs to be in the same namespace as the probe and accessible - by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic interval: - description: Interval at which targets are probed using the configured - prober. If not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: - description: The job name assigned to scraped metrics by default. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -195,86 +131,48 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array module: - description: 'The module to use for probing specifying how to probe - the target. Example module configuring in the blackbox exporter: - https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 client - id properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -282,19 +180,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -303,15 +194,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -320,87 +208,49 @@ spec: - tokenUrl type: object prober: - description: Specification for the prober to use for probing targets. - The prober.URL parameter is required. Targets cannot be probed if - left empty. properties: path: default: /probe - description: Path to collect metrics from. Defaults to `/probe`. type: string proxyUrl: - description: Optional ProxyURL. type: string scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string url: - description: Mandatory URL of the prober. type: string required: - url type: object sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. - If not specified, the Prometheus global scrape timeout is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer targets: - description: Targets defines a set of static or dynamically discovered - targets to probe. properties: ingress: - description: ingress defines the Ingress objects to probe and - the relabeling configuration. If `staticConfig` is also defined, - `staticConfig` takes precedence. properties: namespaceSelector: - description: From which namespaces to select Ingress objects. properties: any: - description: Boolean describing whether all namespaces - are selected in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the target before it gets scraped. The original ingress - address is available via the `__tmp_prometheus_ingress_address` - label. It can be used to customize the probed URL. The original - scrape job''s name is available via the `__tmp_prometheus_job_name` - label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -426,69 +276,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array selector: - description: Selector to select the Ingress objects. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -500,40 +314,21 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object staticConfig: - description: 'staticConfig defines the static list of targets - to probe and the relabeling configuration. If `ingress` is also - defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: type: string - description: Labels assigned to all metrics scraped from the - targets. type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -559,88 +354,52 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array static: - description: The list of hosts to probe. items: type: string type: array type: object type: object tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -648,40 +407,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -689,29 +434,20 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml index 5d661184cf..ff62f8f267 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml @@ -22,106 +22,61 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Service selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.37.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -129,67 +84,37 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenFile: - description: File to read bearer token for scraping targets. type: string bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -215,85 +140,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -301,19 +187,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -322,15 +201,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -343,37 +219,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -399,107 +256,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape timeout is used unless - it is less than `Interval` in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -507,47 +316,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -555,119 +345,65 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array jobLabel: - description: "JobLabel selects the label from the associated Kubernetes - service which will be used as the `job` label for all metrics. \n - For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: - bar`, then the `job=\"bar\"` label is added to all metrics. \n If - the value of this field is empty or if the label doesn't exist for - the given Service, the `job` label of the metrics defaults to the - name of the Kubernetes Service." type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Kubernetes Endpoints - objects are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes `Pod` - onto the created metrics. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Endpoints objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -679,23 +415,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLabels: - description: TargetLabels transfers labels from the Kubernetes `Service` - onto the created metrics. items: type: string type: array targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml index fab68b18e6..4ec31d67a4 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml @@ -20,81 +20,32 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: GrafanaAgent defines a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Grafana Agent cluster. properties: affinity: - description: Affinity, if specified, controls pod scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -104,33 +55,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -142,8 +73,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -152,50 +81,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -205,33 +102,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -249,61 +126,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -315,52 +153,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -372,40 +177,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -414,52 +198,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -471,47 +221,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -523,33 +245,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -557,62 +260,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -624,52 +287,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -681,40 +311,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -723,52 +332,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -780,47 +355,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -832,33 +379,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -867,83 +395,47 @@ spec: type: object type: object apiServer: - description: APIServerConfig lets you specify a host and auth methods - to access the Kubernetes API server. If left empty, the Agent assumes - that it is running inside of the cluster and will discover API servers - automatically and use the pod's CA certificate and bearer token - file at /var/run/secrets/kubernetes.io/serviceaccount. properties: authorization: - description: Authorization section for accessing apiserver properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic credentialsFile: - description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) type: string type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: BasicAuth allow an endpoint to authenticate over - basic authentication properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -951,57 +443,34 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for accessing apiserver. type: string bearerTokenFile: - description: File to read bearer token for accessing apiserver. type: string host: - description: Host of apiserver. A valid string consisting of a - hostname or IP followed by an optional port number type: string tlsConfig: - description: TLS Config to use for accessing apiserver. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1009,47 +478,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1057,210 +507,102 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object required: - host type: object configMaps: - description: ConfigMaps is a list of config maps in the same namespace - as the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The ConfigMaps are mounted into /var/lib/grafana-agent/extra-configmaps/. items: type: string type: array configReloaderImage: - description: Image, when specified, overrides the image used to run - Config Reloader. Specify the image along with a tag. You still need - to set the version to ensure Grafana Agent Operator knows which - version of Grafana Agent is being configured. type: string configReloaderVersion: - description: Version of Config Reloader to be deployed. type: string containers: - description: 'Containers lets you inject additional containers or - modify operator-generated containers. This can be used to add an - authentication proxy to a Grafana Agent pod or to change the behavior - of an operator-generated container. Containers described here modify - an operator-generated container if they share the same name and - if modifications are done via a strategic merge patch. The current - container names are: `grafana-agent` and `config-reloader`. Overriding - containers is entirely outside the scope of what the Grafana Agent - team supports and by doing so, you accept that this behavior may - break at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -1272,111 +614,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1384,97 +668,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1482,40 +718,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1523,71 +744,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1595,126 +782,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -1725,71 +848,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1797,97 +886,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1896,23 +939,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -1928,8 +959,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1938,275 +967,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2214,139 +1071,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -2354,40 +1133,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -2395,9 +1153,6 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name @@ -2405,190 +1160,88 @@ spec: type: array disableReporting: default: false - description: disableReporting disables reporting of enabled feature - flags to Grafana. type: boolean disableSupportBundle: default: false - description: disableSupportBundle disables the generation of support - bundles. type: boolean enableConfigReadAPI: default: false - description: enableConfigReadAPI enables the read API for viewing - the currently running config port 8080 on the agent. type: boolean image: - description: Image, when specified, overrides the image used to run - Agent. Specify the image along with a tag. You still need to set - the version to ensure Grafana Agent Operator knows which version - of Grafana Agent is being configured. type: string imagePullSecrets: - description: 'ImagePullSecrets holds an optional list of references - to Secrets within the same namespace used for pulling the Grafana - Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers let you add initContainers to the pod - definition. These can be used to, for example, fetch secrets for - injection into the Grafana Agent configuration from external sources. - Errors during the execution of an initContainer cause the pod to - restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other than secret fetching - is entirely outside the scope of what the Grafana Agent maintainers - support and by doing so, you accept that this behavior may break - at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -2600,111 +1253,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2712,97 +1307,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2810,40 +1357,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -2851,71 +1383,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2923,126 +1421,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -3053,71 +1487,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3125,97 +1525,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -3224,23 +1578,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -3256,8 +1598,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3266,275 +1606,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3542,139 +1710,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -3682,40 +1772,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -3723,47 +1792,23 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name type: object type: array integrations: - description: Integrations controls the integration subsystem of the - Agent and settings unique to deployed integration-specific pods. properties: namespaceSelector: - description: "Label selector for namespaces to search when discovering - integration resources. If nil, integration resources are only - discovered in the namespace of the GrafanaAgent resource. \n - Set to `{}` to search all namespaces." properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3775,41 +1820,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic selector: - description: Label selector to find Integration resources to run. - When nil, no integration resources will be defined. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3821,91 +1844,49 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object logFormat: - description: LogFormat controls the logging format of the generated - pods. Defaults to "logfmt" if not set. type: string logLevel: - description: LogLevel controls the log level of the generated pods. - Defaults to "info" if not set. type: string logs: - description: Logs controls the logging subsystem of the Agent and - settings unique to logging-specific pods that are deployed. properties: clients: - description: A global set of clients to use when a discovered - LogsInstance does not have any clients defined. items: - description: LogsClientSpec defines the client integration for - logs, indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when - a request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -3913,70 +1894,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending - a batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time - series when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -3984,21 +1935,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4007,15 +1949,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4024,64 +1963,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond - to a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used - when the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4089,51 +1998,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4141,89 +2027,46 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must - be a full HTTP URL, including protocol. Required. Example: - https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value will always be the namespace of the object that is being - created. type: string ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector - settings from the PodLogs configs, and they will only discover - endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector are the set of labels to - determine which namespaces to watch for LogInstances. If not - provided, only checks own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4235,42 +2078,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which LogInstances should - be selected for running. Each instance runs its own set of Prometheus - components, including service discovery, scraping, and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4282,98 +2102,43 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic logsExternalLabelName: - description: LogsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - External label will _not_ be added when value is set to the - empty string. type: string type: object metrics: - description: Metrics controls the metrics subsystem of the Agent and - settings unique to metrics-specific pods that are deployed. properties: arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a ServiceMonitor can access arbitrary files on the - file system of the Grafana Agent container, e.g., bearer token - files. properties: deny: type: boolean type: object enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value is always the namespace of the object that is being created. type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines a global limit on the - number of scraped samples that are accepted. This overrides - any SampleLimit set per ServiceMonitor and/or PodMonitor. It - is meant to be used by admins to enforce the SampleLimit to - keep the overall number of samples and series under the desired - limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor - is lower, that value is used instead. format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the - number of scraped targets. This overrides any TargetLimit set - per ServiceMonitor and/or PodMonitor. It is meant to be used - by admins to enforce the TargetLimit to keep the overall number - of targets under the desired limit. Note that if a TargetLimit - from a ServiceMonitor or PodMonitor is higher, that value is - used instead. format: int64 type: integer externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data over remote_write. type: object ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector - settings from the PodMonitor and ServiceMonitor configs, so - that they only discover endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector is the set of labels that - determines which namespaces to watch for MetricsInstances. If - not provided, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4385,43 +2150,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which MetricsInstances - should be selected for running. Each instance runs its own set - of Metrics components, including service discovery, scraping, - and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4433,77 +2174,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic metricsExternalLabelName: - description: MetricsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - The external label is _not_ added when the value is set to the - empty string. type: string overrideHonorLabels: - description: OverrideHonorLabels, if true, overrides all configured - honor_labels read from ServiceMonitor or PodMonitor and sets - them to false. type: boolean overrideHonorTimestamps: - description: OverrideHonorTimestamps allows global enforcement - for honoring timestamps in all scrape configs. type: boolean remoteWrite: - description: RemoteWrite controls default remote_write settings - for all instances. If an instance does not provide its own RemoteWrite - settings, these will be used instead. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4511,82 +2214,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to - be sent along with each remote_write request. Be aware - that any headers set by Grafana Agent itself can't be - overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent - to remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging - in order to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4594,21 +2260,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4617,15 +2274,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4634,109 +2288,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write - queue parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a - sample will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times - to retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number - of samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. - MinBackoff is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when - encountering rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to - the remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication - to the remote_write endpoint. SigV4-based authentication - is used if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API - access key to use for signing. If not provided, the - environment variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use - for authentication. type: string region: - description: Region of the AWS endpoint. If blank, the - region from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for - authentication, as an alternative for using the AWS - API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4744,50 +2346,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4795,51 +2375,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4847,59 +2404,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to - relabel samples before they are sent to the remote_write - endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -4925,40 +2456,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the - extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated - source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from - existing labels. Their content is concatenated using - the configured separator and matched against the - configured regular expression for the replace, keep, - and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is - written in a replace action. It is mandatory for - replace actions. Regex capture groups are available. type: string type: object type: array @@ -4967,96 +2478,47 @@ spec: type: object type: array replicaExternalLabelName: - description: ReplicaExternalLabelName is the name of the metrics - external label used to denote the replica name. Defaults to - __replica__. The external label is _not_ added when the value - is set to the empty string. type: string replicas: - description: Replicas of each shard to deploy for metrics pods. - Number of replicas multiplied by the number of shards is the - total number of pods created. format: int32 type: integer scrapeInterval: - description: ScrapeInterval is the time between consecutive scrapes. type: string scrapeTimeout: - description: ScrapeTimeout is the time to wait for a target to - respond before marking a scrape as failed. type: string shards: - description: Shards to distribute targets onto. Number of replicas - multiplied by the number of shards is the total number of pods - created. Note that scaling down shards does not reshard data - onto remaining instances; it must be manually moved. Increasing - shards does not reshard data either, but it will continue to - be available from the same instances. Sharding is performed - on the content of the __address__ target meta-label. format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: NodeSelector defines which nodes pods should be scheduling - on. type: object paused: - description: Paused prevents actions except for deletion to be performed - on the underlying managed objects. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to created Grafana Agent pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to agent-metrics. type: string priorityClassName: - description: PriorityClassName is the priority class assigned to pods. type: string resources: - description: Resources holds requests and limits for individual pods. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5072,8 +2534,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5082,151 +2542,60 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: RuntimeClassName is the runtime class assigned to pods. type: string secrets: - description: Secrets is a list of secrets in the same namespace as - the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The secrets are mounted into /var/lib/grafana-agent/extra-secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. When unspecified, defaults to the default - PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies to - the container. type: string role: - description: Role is a SELinux role label that applies to - the container. type: string type: - description: Type is a SELinux type label that applies to - the container. type: string user: - description: User is a SELinux user label that applies to - the container. type: string type: object seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. items: - description: Sysctl defines a kernel parameter to be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name @@ -5234,146 +2603,53 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use for running Grafana Agent pods. type: string storage: - description: Storage spec to specify how storage will be used. properties: disableMountSubPath: - description: '*Deprecated: subPath usage will be removed in a - future release.*' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. - If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. - This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, - starting with k8s 1.19, it requires enabling the GenericEphemeralVolume - feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC will - be deleted together with the pod. The name of the PVC will - be `-` where `` is the - name from the `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated name is not valid - for a PVC (for example, too long). \n An existing PVC with - that name that is not owned by the pod will *not* be used - for the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated PVC - is removed. If such a pre-created PVC is meant to be used - by the pod, the PVC has to updated with an owner reference - to the pod once the pod exists. Normally this should not - be necessary, but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only and no changes - will be made by Kubernetes to the PVC after it has been - created. \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations that will - be copied into the PVC when creating it. No other fields - are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -5381,90 +2657,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. type: string required: - name @@ -5480,8 +2691,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5490,43 +2699,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. items: type: string type: array @@ -5538,27 +2722,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. type: string type: object required: @@ -5566,87 +2737,37 @@ spec: type: object type: object volumeClaimTemplate: - description: Defines the PVC spec to be used by the Prometheus - StatefulSets. The easiest way to use a volume that cannot be - automatically provisioned is to use a label selector alongside - manually created PersistentVolumes. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Defines the desired characteristics of a volume - requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on the - contents of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef contents - will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, then - dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -5654,85 +2775,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they - must have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, both - fields (dataSource and dataSourceRef) will be set to - the same value automatically if one of them is empty - and the other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the same - value and must be empty. There are three important differences - between dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature gate - to be enabled. (Alpha) Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but - must still be higher than capacity recorded in the status - field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5748,8 +2809,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5758,42 +2817,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to - consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -5805,80 +2840,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. type: string type: object status: - description: '*Deprecated: this field is never set.*' properties: accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array allocatedResourceStatuses: additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore - that update and let other controllers handle it. type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n ClaimResourceStatus can be - in any of following states: - ControllerResizeInProgress: - State set when resize controller starts resizing the - volume in control-plane. - ControllerResizeFailed: State - set when resize has failed in resize controller with - a terminal error. - NodeResizePending: State set when - resize controller has finished resizing the volume but - further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it - means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible - for resizing capacity of the volume, should ignore PVC - updates that change other valid resources associated - with PVC. \n This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: @@ -5888,31 +2868,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n Capacity reported here may - be larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. \n A controller that receives - PVC update with previously unknown resourceName should - ignore the update for the purpose it was designed. For - example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: @@ -5921,43 +2876,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. type: object conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contains - details about state of pvc properties: lastProbeTime: - description: lastProbeTime is the time we probed - the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime is the time the - condition transitioned from one status to another. format: date-time type: string message: - description: message is the human-readable message - indicating details about last transition. type: string reason: - description: reason is a unique, this should be - a short, machine understandable string that gives - the reason for condition's last transition. If - it reports "ResizeStarted" that means the underlying - persistent volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -5965,86 +2900,39 @@ spec: type: object type: array phase: - description: phase represents the current phase of PersistentVolumeClaim. type: string type: object type: object type: object tolerations: - description: Tolerations, if specified, controls the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints, if specified, controls the - pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. items: type: string type: array @@ -6056,126 +2944,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' type: string required: - maxSkew @@ -6184,44 +2973,21 @@ spec: type: object type: array version: - description: Version of Grafana Agent to be deployed. type: string volumeMounts: - description: VolumeMounts lets you configure additional VolumeMounts - on the output StatefulSet definition. Specified VolumeMounts are - appended to other VolumeMounts generated as a result of StorageSpec - objects in the Grafana Agent container. items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -6229,224 +2995,106 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. The volumes specified are appended - to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -6454,139 +3102,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -6598,114 +3173,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -6713,94 +3209,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -6816,8 +3243,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6826,46 +3251,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -6877,28 +3274,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -6906,74 +3289,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -6981,184 +3328,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -7166,148 +3417,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7315,91 +3485,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -7411,48 +3532,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7460,45 +3549,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -7507,148 +3570,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -7656,54 +3647,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -7711,76 +3667,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml index e786166447..960b2f73ac 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml @@ -20,55 +20,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: "Integration runs a single Grafana Agent integration. Integrations - that generate telemetry must be configured to send that telemetry somewhere, - such as autoscrape for exporter-based integrations. \n Integrations have - access to the LogsInstances and MetricsInstances in the same GrafanaAgent - resource set, referenced by the / of the Instance resource. - \n For example, if there is a default/production MetricsInstance, you can - configure a supported integration's autoscrape block with: \n autoscrape: - enable: true metrics_instance: default/production \n There is currently - no way for telemetry created by an Operator-managed integration to be collected - from outside of the integration itself." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specifies the desired behavior of the Integration. properties: config: - description: "The configuration for the named integration. Note that - Integrations are deployed with the integrations-next feature flag, - which has different common settings: \n https://grafana.com/docs/agent/latest/configuration/integrations/integrations-next/" type: object x-kubernetes-preserve-unknown-fields: true configMaps: - description: "An extra list of keys from ConfigMaps in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n ConfigMaps are mounted at /etc/grafana-agent/integrations/configMaps///." items: - description: Selects a key from a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be - defined type: boolean required: - key @@ -76,26 +47,15 @@ spec: x-kubernetes-map-type: atomic type: array name: - description: Name of the integration to run (e.g., "node_exporter", - "mysqld_exporter"). type: string secrets: - description: "An extra list of keys from Secrets in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets///." items: - description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -103,60 +63,26 @@ spec: x-kubernetes-map-type: atomic type: array type: - description: Type informs Grafana Agent Operator about how to manage - the integration being configured. properties: allNodes: - description: When true, the configured integration should be run - on every Node in the cluster. This is required for Integrations - that generate Node-specific metrics like node_exporter, otherwise - it must be false to avoid generating duplicate metrics. type: boolean unique: - description: Whether this integration can only be defined once - for a Grafana Agent process, such as statsd_exporter. It is - invalid for a GrafanaAgent to discover multiple unique Integrations - with the same Integration name (i.e., a single GrafanaAgent - cannot deploy two statsd_exporters). type: boolean type: object volumeMounts: - description: "An extra list of VolumeMounts to be associated with - the Grafana Agent pods running this integration. VolumeMount names - are mutated to be unique across all used IntegrationSpecs. \n Mount - paths should include the namespace/name of the Integration CR to - avoid potentially colliding with other resources." items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -164,228 +90,106 @@ spec: type: object type: array volumes: - description: "An extra list of Volumes to be associated with the Grafana - Agent pods running this integration. Volume names are mutated to - be unique across all Integrations. Note that the specified volumes - should be able to tolerate existing on multiple pods at once when - type is daemonset. \n Don't use volumes for loading Secrets or ConfigMaps - from the same namespace as the Integration; use the Secrets and - ConfigMaps fields instead." items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -393,139 +197,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -537,114 +268,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -652,94 +304,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -755,8 +338,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -765,46 +346,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -816,28 +369,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -845,74 +384,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -920,184 +423,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -1105,148 +512,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1254,91 +580,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -1350,48 +627,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1399,45 +644,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -1446,148 +665,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -1595,54 +742,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -1650,76 +762,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml index f36440ab0c..517bb30c2e 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml @@ -20,114 +20,60 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: LogsInstance controls an individual logs instance within a Grafana - Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the logs instance. properties: additionalScrapeConfigs: - description: "AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Grafana Agent logging scrape configurations. - Scrape configurations specified are appended to the configurations - generated by the Grafana Agent Operator. \n Job configurations specified - must have the form as specified in the official Promtail documentation: - \n https://grafana.com/docs/loki/latest/clients/promtail/configuration/#scrape_configs - \n As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Grafana Agent. It is advised to review both - Grafana Agent and Promtail release notes to ensure that no incompatible - scrape configs are going to break Grafana Agent after the upgrade." properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic clients: - description: Clients controls where logs are written to for this instance. items: - description: LogsClientSpec defines the client integration for logs, - indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when a - request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -135,67 +81,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending a - batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -203,19 +122,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -224,15 +136,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -241,61 +150,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond to - a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used when - the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -303,47 +185,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -351,76 +214,42 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must be - a full HTTP URL, including protocol. Required. Example: https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array podLogsNamespaceSelector: - description: Set of labels to determine which namespaces should be - watched for PodLogs. If not provided, checks only namespace of the - instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -432,41 +261,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podLogsSelector: - description: Determines which PodLogs should be selected for including - in this instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -478,20 +285,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetConfig: - description: Configures how tailed targets are watched. properties: syncPeriod: - description: Period to resync directories being watched and files - being tailed to discover new ones or stop watching removed ones. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml index 015c0339ce..610193f440 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml @@ -20,89 +20,41 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: MetricsInstance controls an individual Metrics instance within - a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Metrics instance. properties: additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs lets you specify a key of a - Secret containing additional Grafana Agent Prometheus scrape configurations. - The specified scrape configurations are appended to the configurations - generated by Grafana Agent Operator. Specified job configurations - must have the form specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, you must make sure the configuration - is still valid. Note that it''s possible that this feature will - break future upgrades of Grafana Agent. Review both Grafana Agent - and Prometheus release notes to ensure that no incompatible scrape - configs will break Grafana Agent after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic maxWALTime: - description: MaxWALTime is the maximum amount of time that series - and samples can exist in the WAL before being forcibly deleted. type: string minWALTime: - description: MinWALTime is the minimum amount of time that series - and samples can exist in the WAL before being considered for deletion. type: string podMonitorNamespaceSelector: - description: PodMonitorNamespaceSelector are the set of labels to - determine which namespaces to watch for PodMonitor discovery. If - nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -114,41 +66,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podMonitorSelector: - description: PodMonitorSelector determines which PodMonitors to selected - for target discovery. Experimental. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -160,42 +90,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeNamespaceSelector: - description: ProbeNamespaceSelector is the set of labels that determines - which namespaces to watch for Probe discovery. If nil, it only checks - own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -207,41 +114,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeSelector: - description: ProbeSelector determines which Probes to select for target - discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -253,62 +138,35 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic remoteFlushDeadline: - description: RemoteFlushDeadline is the deadline for flushing data - when an instance shuts down. type: string remoteWrite: - description: RemoteWrite controls remote_write settings for this instance. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -316,78 +174,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to be sent - along with each remote_write request. Be aware that any headers - set by Grafana Agent itself can't be overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent to - remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging in order - to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -395,19 +220,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -416,15 +234,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -433,106 +248,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write queue - parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of - samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. MinBackoff - is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when encountering - rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to the - remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication to - the remote_write endpoint. SigV4-based authentication is used - if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API access - key to use for signing. If not provided, the environment - variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use for - authentication. type: string region: - description: Region of the AWS endpoint. If blank, the region - from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for authentication, - as an alternative for using the AWS API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -540,47 +306,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -588,47 +335,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -636,57 +364,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to relabel - samples before they are sent to the remote_write endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -712,39 +416,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array @@ -753,33 +438,15 @@ spec: type: object type: array serviceMonitorNamespaceSelector: - description: ServiceMonitorNamespaceSelector is the set of labels - that determine which namespaces to watch for ServiceMonitor discovery. - If nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -791,41 +458,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic serviceMonitorSelector: - description: ServiceMonitorSelector determines which ServiceMonitors - to select for target discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -837,23 +482,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic walTruncateFrequency: - description: WALTruncateFrequency specifies how frequently to run - the WAL truncation process. Higher values cause the WAL to increase - and for old series to stay in the WAL longer, but reduces the chance - of data loss when remote_write fails for longer than the given frequency. type: string writeStaleOnShutdown: - description: WriteStaleOnShutdown writes staleness markers on shutdown - for all series. type: boolean type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml index ff6531f61e..f22d051b51 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml @@ -20,325 +20,146 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: PodLogs defines how to collect logs for a pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the PodLogs. properties: jobLabel: - description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Pod objects are - discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object pipelineStages: - description: Pipeline stages for this pod. Pipeline stages support - transforming and filtering log lines. items: - description: "PipelineStageSpec defines an individual pipeline stage. - Each stage type is mutually exclusive and no more than one may - be set per stage. \n More information on pipelines can be found - in the Promtail documentation: https://grafana.com/docs/loki/latest/clients/promtail/pipelines/" properties: cri: - description: 'CRI is a parsing stage that reads log lines using - the standard CRI logging format. Supply cri: {} to enable.' type: object docker: - description: 'Docker is a parsing stage that reads log lines - using the standard Docker logging format. Supply docker: {} - to enable.' type: object drop: - description: Drop is a filtering stage that lets you drop certain - logs. properties: dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "drop_stage". type: string expression: - description: "RE2 regular expression. \n If source is provided, - the regex attempts to match the source. \n If no source - is provided, then the regex attempts to attach the log - line. \n If the provided regex matches the log line or - a provided source, the line is dropped." type: string longerThan: - description: LongerThan will drop a log line if it its content - is longer than this value (in bytes). Can be expressed - as an integer (8192) or a number with a suffix (8kb). type: string olderThan: - description: OlderThan will be parsed as a Go duration. - If the log line's timestamp is older than the current - time minus the provided duration, it will be dropped. type: string source: - description: Name from the extract data to parse. If empty, - uses the log message. type: string value: - description: "Value can only be specified when source is - specified. If the value provided is an exact match for - the given source then the line will be dropped. \n Mutually - exclusive with expression." type: string type: object json: - description: "JSON is a parsing stage that reads the log line - as JSON and accepts JMESPath expressions to extract data. - \n Information on JMESPath: http://jmespath.org/" properties: expressions: additionalProperties: type: string - description: "Set of the key/value pairs of JMESPath expressions. - The key will be the key in the extracted data while the - expression will be the value, evaluated as a JMESPath - from the source data. \n Literal JMESPath expressions - can be used by wrapping a key in double quotes, which - then must be wrapped again in single quotes in YAML so - they get passed to the JMESPath parser." type: object source: - description: Name from the extracted data to parse as JSON. - If empty, uses entire log message. type: string type: object labelAllow: - description: LabelAllow is an action stage that only allows - the provided labels to be included in the label set that is - sent to Loki with the log entry. items: type: string type: array labelDrop: - description: LabelDrop is an action stage that drops labels - from the label set that is sent to Loki with the log entry. items: type: string type: array labels: additionalProperties: type: string - description: "Labels is an action stage that takes data from - the extracted map and modifies the label set that is sent - to Loki with the log entry. \n The key is REQUIRED and represents - the name for the label that will be created. Value is optional - and will be the name from extracted data to use for the value - of the label. If the value is not provided, it defaults to - match the key." type: object limit: - description: Limit is a rate-limiting stage that throttles logs - based on several options. properties: burst: - description: The cap in the quantity of burst lines that - Promtail will push to Loki. type: integer drop: - description: "When drop is true, log lines that exceed the - current rate limit are discarded. When drop is false, - log lines that exceed the current rate limit wait to enter - the back pressure mode. \n Defaults to false." type: boolean rate: - description: The rate limit in lines per second that Promtail - will push to Loki. type: integer type: object match: - description: Match is a filtering stage that conditionally applies - a set of stages or drop entries when a log entry matches a - configurable LogQL stream selector and filter expressions. properties: action: - description: Determines what action is taken when the selector - matches the log line. Can be keep or drop. Defaults to - keep. When set to drop, entries are dropped and no later - metrics are recorded. Stages must be empty when dropping - metrics. type: string dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "match_stage." type: string pipelineName: - description: Names the pipeline. When defined, creates an - additional label in the pipeline_duration_seconds histogram, - where the value is concatenated with job_name using an - underscore. type: string selector: - description: LogQL stream selector and filter expressions. - Required. type: string stages: - description: "Nested set of pipeline stages to execute when - action is keep and the log line matches selector. \n An - example value for stages may be: \n stages: | - json: - {} - labelAllow: [foo, bar] \n Note that stages is a string - because SIG API Machinery does not support recursive types, - and so it cannot be validated for correctness. Be careful - not to mistype anything." type: string required: - selector type: object metrics: additionalProperties: - description: MetricsStageSpec is an action stage that allows - for defining and updating metrics based on data from the - extracted map. Created metrics are not pushed to Loki or - Prometheus and are instead exposed via the /metrics endpoint - of the Grafana Agent pod. The Grafana Agent Operator should - be configured with a MetricsInstance that discovers the - logging DaemonSet to collect metrics created by this stage. properties: action: - description: "The action to take against the metric. Required. - \n Must be either \"inc\" or \"add\" for type: counter - or type: histogram. When type: gauge, must be one of - \"set\", \"inc\", \"dec\", \"add\", or \"sub\". \n \"add\", - \"set\", or \"sub\" requires the extracted value to - be convertible to a positive float." type: string buckets: - description: 'Buckets to create. Bucket values must be - convertible to float64s. Extremely large or small numbers - are subject to some loss of precision. Only valid for - type: histogram.' items: type: string type: array countEntryBytes: - description: "If true all log line bytes are counted. - Can only be set with matchAll: true and action: add. - \n Only valid for type: counter." type: boolean description: - description: Sets the description for the created metric. type: string matchAll: - description: "If true, all log lines are counted without - attempting to match the source to the extracted map. - Mutually exclusive with value. \n Only valid for type: - counter." type: boolean maxIdleDuration: - description: "Label values on metrics are dynamic which - can cause exported metrics to go stale. To prevent unbounded - cardinality, any metrics not updated within MaxIdleDuration - are removed. \n Must be greater or equal to 1s. Defaults - to 5m." type: string prefix: - description: Sets the custom prefix name for the metric. - Defaults to "promtail_custom_". type: string source: - description: Key from the extracted data map to use for - the metric. Defaults to the metrics name if not present. type: string type: - description: The metric type to create. Must be one of - counter, gauge, histogram. Required. type: string value: - description: Filters down source data and only changes - the metric if the targeted value matches the provided - string exactly. If not present, all data matches. type: string required: - action - type type: object - description: Metrics is an action stage that supports defining - and updating metrics based on data from the extracted map. - Created metrics are not pushed to Loki or Prometheus and are - instead exposed via the /metrics endpoint of the Grafana Agent - pod. The Grafana Agent Operator should be configured with - a MetricsInstance that discovers the logging DaemonSet to - collect metrics created by this stage. type: object multiline: - description: Multiline stage merges multiple lines into a multiline - block before passing it on to the next stage in the pipeline. properties: firstLine: - description: RE2 regular expression. Creates a new multiline - block when matched. Required. type: string maxLines: - description: Maximum number of lines a block can have. A - new block is started if the number of lines surpasses - this value. Defaults to 128. type: integer maxWaitTime: - description: Maximum time to wait before passing on the - multiline block to the next stage if no new lines are - received. Defaults to 3s. type: string required: - firstLine type: object output: - description: Output stage is an action stage that takes data - from the extracted map and changes the log line that will - be sent to Loki. properties: source: - description: Name from extract data to use for the log entry. - Required. type: string required: - source type: object pack: - description: Pack is a transform stage that lets you embed extracted - values and labels into the log line by packing the log line - and labels inside of a JSON object. properties: ingestTimestamp: - description: If the resulting log line should use any existing - timestamp or use time.Now() when the line was created. - Set to true when combining several log streams from different - containers to avoid out of order errors. type: boolean labels: - description: Name from extracted data or line labels. Required. - Labels provided here are automatically removed from output - labels. items: type: string type: array @@ -346,107 +167,57 @@ spec: - labels type: object regex: - description: Regex is a parsing stage that parses a log line - using a regular expression. Named capture groups in the regex - allows for adding data into the extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object replace: - description: Replace is a parsing stage that parses a log line - using a regular expression and replaces the log line. Named - capture groups in the regex allows for adding data into the - extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string replace: - description: Value to replace the captured group with. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object template: - description: Template is a transform stage that manipulates - the values in the extracted map using Go's template syntax. properties: source: - description: Name from extracted data to parse. Required. - If empty, defaults to using the log message. type: string template: - description: Go template string to use. Required. In addition - to normal template functions, ToLower, ToUpper, Replace, - Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are - also available. type: string required: - source - template type: object tenant: - description: Tenant is an action stage that sets the tenant - ID for the log entry picking it from a field in the extracted - data map. If the field is missing, the default LogsClientSpec.tenantId - will be used. properties: label: - description: Name from labels whose value should be set - as tenant ID. Mutually exclusive with source and value. type: string source: - description: Name from extracted data to use as the tenant - ID. Mutually exclusive with label and value. type: string value: - description: Value to use for the template ID. Useful when - this stage is used within a conditional pipeline such - as match. Mutually exclusive with label and source. type: string type: object timestamp: - description: Timestamp is an action stage that can change the - timestamp of a log line before it is sent to Loki. If not - present, the timestamp of a log line defaults to the time - when the log line was read. properties: actionOnFailure: - description: Action to take when the timestamp can't be - extracted or parsed. Can be skip or fudge. Defaults to - fudge. type: string fallbackFormats: - description: Fallback formats to try if format fails. items: type: string type: array format: - description: 'Determines format of the time string. Required. - Can be one of: ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, - RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Unix, - UnixMs, UnixUs, UnixNs.' type: string location: - description: IANA Timezone Database string. type: string source: - description: Name from extracted data to use as the timestamp. - Required. type: string required: - format @@ -455,26 +226,14 @@ spec: type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array relabelings: - description: "RelabelConfigs to apply to logs before delivering. Grafana - Agent Operator automatically adds relabelings for a few standard - Kubernetes fields and replaces original scrape job name with __tmp_logs_job_name. - \n More info: https://grafana.com/docs/loki/latest/clients/promtail/configuration/#relabel_configs" items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -500,67 +259,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array selector: - description: Selector to select Pod objects. Required. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -572,11 +297,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 4df2427768..d2ba96000f 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.39.1 + tag: v0.40.0 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 5462fcc7b2e6af0ee50ed7249837efaab8085b82 Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:32:10 +0100 Subject: [PATCH 143/211] Update doc Signed-off-by: jcreixell --- charts/agent-operator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index befe252886..09b1f5cf61 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) +![Version: 0.3.16](https://img.shields.io/badge/Version-0.3.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator From 04af38b54cd3182c8549d456f222a39a4faa26f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Tue, 27 Feb 2024 18:31:18 +0100 Subject: [PATCH 144/211] [grafana] Add `serviceAccount.automountServiceAccountToken` and document `automountServiceAccountToken` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/grafana/Chart.yaml | 2 +- charts/grafana/README.md | 3 ++- charts/grafana/templates/serviceaccount.yaml | 4 ++-- charts/grafana/values.yaml | 11 +++++++---- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 58b806fd97..56a93c042e 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.3 +version: 7.3.4 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 6f645c564a..e0c004c642 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -137,6 +137,7 @@ need to instead set `global.imageRegistry`. | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | | `extraVolumes` | Additional Grafana server volumes | `[]` | +| `automountServiceAccountToken` | Mounted the service account token on the grafana pod. Mandatory, if sidecars are enabled | `true` | | `createConfigmap` | Enable creating the grafana configmap | `true` | | `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | @@ -223,7 +224,7 @@ need to instead set `global.imageRegistry`. | `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | | `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | | `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | -| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | +| `serviceAccount.automountServiceAccountToken` | Automount the service account token on all pods where is service account is used | `false` | | `serviceAccount.annotations` | ServiceAccount annotations | | | `serviceAccount.create` | Create service account | `true` | | `serviceAccount.labels` | ServiceAccount labels | `{}` | diff --git a/charts/grafana/templates/serviceaccount.yaml b/charts/grafana/templates/serviceaccount.yaml index 784e71ba67..ffca0717ae 100644 --- a/charts/grafana/templates/serviceaccount.yaml +++ b/charts/grafana/templates/serviceaccount.yaml @@ -1,7 +1,7 @@ {{- if .Values.serviceAccount.create }} -{{- $root := . -}} apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.autoMount | default .Values.serviceAccount.automountServiceAccountToken }} metadata: labels: {{- include "grafana.labels" . | nindent 4 }} @@ -10,7 +10,7 @@ metadata: {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: - {{- tpl (toYaml . | nindent 4) $root }} + {{- tpl (toYaml . | nindent 4) $ }} {{- end }} name: {{ include "grafana.serviceAccountName" . }} namespace: {{ include "grafana.namespace" . }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 520e10991b..03a183c146 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -38,10 +38,13 @@ serviceAccount: nameTest: ## ServiceAccount labels. labels: {} -## Service account annotations. Can be templated. -# annotations: -# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - autoMount: false + ## Service account annotations. Can be templated. + # annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + + ## autoMount is deprecated in favor of automountServiceAccountToken + # autoMount: false + automountServiceAccountToken: false replicas: 1 From b2121269062b7fc68dfb5d12c850299d0e7d84a8 Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:51:51 +0100 Subject: [PATCH 145/211] [grafana] bump kiwigrid/k8s-sidecar version to 1.25.6 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index c39ea874ce..a5b72c0ecb 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -833,7 +833,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 1.25.2 + tag: 1.25.6 sha: "" imagePullPolicy: IfNotPresent resources: {} From 69123057603b3bcf6852c780bf8d2cf79c078da7 Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:52:55 +0100 Subject: [PATCH 146/211] chore: bump kiwigrid/k8s-sidecar in README Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 6f645c564a..41c33cfe09 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -161,7 +161,7 @@ need to instead set `global.imageRegistry`. | `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.registry` | Sidecar image registry | `quay.io` | | `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.24.6` | +| `sidecar.image.tag` | Sidecar image tag | `1.25.6` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | From 80fd72d9c6e4cd2b955a1d760d96b75aa9c9b42b Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:53:13 +0100 Subject: [PATCH 147/211] chore: Bump Chart version Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 64043bb3a8..58b806fd97 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.2 +version: 7.3.3 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From d8ad02c79c9941299ab53e2008d915b8436b100e Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:23:29 +0100 Subject: [PATCH 148/211] [agent-operator] update helm chart for v0.40 Signed-off-by: jcreixell Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/agent-operator/Chart.yaml | 10 +- charts/agent-operator/README.md | 6 +- .../monitoring.coreos.com_podmonitors.yaml | 255 - .../crds/monitoring.coreos.com_probes.yaml | 264 -- ...monitoring.coreos.com_servicemonitors.yaml | 273 -- .../monitoring.grafana.com_grafanaagents.yaml | 4084 ----------------- .../monitoring.grafana.com_integrations.yaml | 928 ---- .../monitoring.grafana.com_logsinstances.yaml | 201 - ...nitoring.grafana.com_metricsinstances.yaml | 366 -- .../crds/monitoring.grafana.com_podlogs.yaml | 280 -- charts/agent-operator/values.yaml | 2 +- 11 files changed, 9 insertions(+), 6660 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 89f5353632..ed134809be 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.15 -appVersion: "0.39.1" -home: https://grafana.com/docs/agent/v0.39/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png +version: 0.3.16 +appVersion: "0.40.0" +home: https://grafana.com/docs/agent/v0.40/ +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.39.1/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.0/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 9a321ce611..befe252886 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.1](https://img.shields.io/badge/AppVersion-0.39.1-informational?style=flat-square) +![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.39.1"` | Image tag | +| image.tag | string | `"v0.40.0"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml index 3e1fae0fc5..153677bb17 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml @@ -22,140 +22,81 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.35.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object jobLabel: - description: The label to use to retrieve the job name from. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. items: - description: PodMetricsEndpoint defines a scrapeable endpoint of - a Kubernetes Pod serving Prometheus metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -163,64 +104,35 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - pod monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -246,85 +158,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -332,19 +205,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -353,15 +219,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -374,37 +237,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -430,104 +274,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: 'Deprecated: Use ''port'' instead.' x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -535,43 +334,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -579,71 +361,41 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Pod objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -655,17 +407,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml index 7ece55d2ac..13fc36f9aa 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml @@ -22,91 +22,53 @@ spec: - name: v1 schema: openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Ingress selection for target discovery - by Prometheus. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of - the request properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic - authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -114,62 +76,36 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. - The secret needs to be in the same namespace as the probe and accessible - by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic interval: - description: Interval at which targets are probed using the configured - prober. If not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: - description: The job name assigned to scraped metrics by default. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -195,86 +131,48 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array module: - description: 'The module to use for probing specifying how to probe - the target. Example module configuring in the blackbox exporter: - https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 client - id properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -282,19 +180,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -303,15 +194,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -320,87 +208,49 @@ spec: - tokenUrl type: object prober: - description: Specification for the prober to use for probing targets. - The prober.URL parameter is required. Targets cannot be probed if - left empty. properties: path: default: /probe - description: Path to collect metrics from. Defaults to `/probe`. type: string proxyUrl: - description: Optional ProxyURL. type: string scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string url: - description: Mandatory URL of the prober. type: string required: - url type: object sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. - If not specified, the Prometheus global scrape timeout is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer targets: - description: Targets defines a set of static or dynamically discovered - targets to probe. properties: ingress: - description: ingress defines the Ingress objects to probe and - the relabeling configuration. If `staticConfig` is also defined, - `staticConfig` takes precedence. properties: namespaceSelector: - description: From which namespaces to select Ingress objects. properties: any: - description: Boolean describing whether all namespaces - are selected in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the target before it gets scraped. The original ingress - address is available via the `__tmp_prometheus_ingress_address` - label. It can be used to customize the probed URL. The original - scrape job''s name is available via the `__tmp_prometheus_job_name` - label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -426,69 +276,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array selector: - description: Selector to select the Ingress objects. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -500,40 +314,21 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object staticConfig: - description: 'staticConfig defines the static list of targets - to probe and the relabeling configuration. If `ingress` is also - defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: type: string - description: Labels assigned to all metrics scraped from the - targets. type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -559,88 +354,52 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array static: - description: The list of hosts to probe. items: type: string type: array type: object type: object tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -648,40 +407,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -689,29 +434,20 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml index 5d661184cf..ff62f8f267 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml @@ -22,106 +22,61 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Service selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.37.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -129,67 +84,37 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenFile: - description: File to read bearer token for scraping targets. type: string bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -215,85 +140,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -301,19 +187,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -322,15 +201,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -343,37 +219,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -399,107 +256,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape timeout is used unless - it is less than `Interval` in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -507,47 +316,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -555,119 +345,65 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array jobLabel: - description: "JobLabel selects the label from the associated Kubernetes - service which will be used as the `job` label for all metrics. \n - For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: - bar`, then the `job=\"bar\"` label is added to all metrics. \n If - the value of this field is empty or if the label doesn't exist for - the given Service, the `job` label of the metrics defaults to the - name of the Kubernetes Service." type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Kubernetes Endpoints - objects are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes `Pod` - onto the created metrics. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Endpoints objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -679,23 +415,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLabels: - description: TargetLabels transfers labels from the Kubernetes `Service` - onto the created metrics. items: type: string type: array targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml index fab68b18e6..4ec31d67a4 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml @@ -20,81 +20,32 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: GrafanaAgent defines a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Grafana Agent cluster. properties: affinity: - description: Affinity, if specified, controls pod scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -104,33 +55,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -142,8 +73,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -152,50 +81,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -205,33 +102,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -249,61 +126,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -315,52 +153,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -372,40 +177,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -414,52 +198,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -471,47 +221,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -523,33 +245,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -557,62 +260,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -624,52 +287,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -681,40 +311,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -723,52 +332,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -780,47 +355,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -832,33 +379,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -867,83 +395,47 @@ spec: type: object type: object apiServer: - description: APIServerConfig lets you specify a host and auth methods - to access the Kubernetes API server. If left empty, the Agent assumes - that it is running inside of the cluster and will discover API servers - automatically and use the pod's CA certificate and bearer token - file at /var/run/secrets/kubernetes.io/serviceaccount. properties: authorization: - description: Authorization section for accessing apiserver properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic credentialsFile: - description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) type: string type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: BasicAuth allow an endpoint to authenticate over - basic authentication properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -951,57 +443,34 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for accessing apiserver. type: string bearerTokenFile: - description: File to read bearer token for accessing apiserver. type: string host: - description: Host of apiserver. A valid string consisting of a - hostname or IP followed by an optional port number type: string tlsConfig: - description: TLS Config to use for accessing apiserver. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1009,47 +478,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1057,210 +507,102 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object required: - host type: object configMaps: - description: ConfigMaps is a list of config maps in the same namespace - as the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The ConfigMaps are mounted into /var/lib/grafana-agent/extra-configmaps/. items: type: string type: array configReloaderImage: - description: Image, when specified, overrides the image used to run - Config Reloader. Specify the image along with a tag. You still need - to set the version to ensure Grafana Agent Operator knows which - version of Grafana Agent is being configured. type: string configReloaderVersion: - description: Version of Config Reloader to be deployed. type: string containers: - description: 'Containers lets you inject additional containers or - modify operator-generated containers. This can be used to add an - authentication proxy to a Grafana Agent pod or to change the behavior - of an operator-generated container. Containers described here modify - an operator-generated container if they share the same name and - if modifications are done via a strategic merge patch. The current - container names are: `grafana-agent` and `config-reloader`. Overriding - containers is entirely outside the scope of what the Grafana Agent - team supports and by doing so, you accept that this behavior may - break at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -1272,111 +614,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1384,97 +668,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1482,40 +718,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1523,71 +744,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1595,126 +782,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -1725,71 +848,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1797,97 +886,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1896,23 +939,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -1928,8 +959,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1938,275 +967,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2214,139 +1071,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -2354,40 +1133,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -2395,9 +1153,6 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name @@ -2405,190 +1160,88 @@ spec: type: array disableReporting: default: false - description: disableReporting disables reporting of enabled feature - flags to Grafana. type: boolean disableSupportBundle: default: false - description: disableSupportBundle disables the generation of support - bundles. type: boolean enableConfigReadAPI: default: false - description: enableConfigReadAPI enables the read API for viewing - the currently running config port 8080 on the agent. type: boolean image: - description: Image, when specified, overrides the image used to run - Agent. Specify the image along with a tag. You still need to set - the version to ensure Grafana Agent Operator knows which version - of Grafana Agent is being configured. type: string imagePullSecrets: - description: 'ImagePullSecrets holds an optional list of references - to Secrets within the same namespace used for pulling the Grafana - Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers let you add initContainers to the pod - definition. These can be used to, for example, fetch secrets for - injection into the Grafana Agent configuration from external sources. - Errors during the execution of an initContainer cause the pod to - restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other than secret fetching - is entirely outside the scope of what the Grafana Agent maintainers - support and by doing so, you accept that this behavior may break - at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -2600,111 +1253,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2712,97 +1307,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2810,40 +1357,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -2851,71 +1383,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2923,126 +1421,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -3053,71 +1487,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3125,97 +1525,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -3224,23 +1578,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -3256,8 +1598,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3266,275 +1606,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3542,139 +1710,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -3682,40 +1772,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -3723,47 +1792,23 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name type: object type: array integrations: - description: Integrations controls the integration subsystem of the - Agent and settings unique to deployed integration-specific pods. properties: namespaceSelector: - description: "Label selector for namespaces to search when discovering - integration resources. If nil, integration resources are only - discovered in the namespace of the GrafanaAgent resource. \n - Set to `{}` to search all namespaces." properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3775,41 +1820,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic selector: - description: Label selector to find Integration resources to run. - When nil, no integration resources will be defined. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3821,91 +1844,49 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object logFormat: - description: LogFormat controls the logging format of the generated - pods. Defaults to "logfmt" if not set. type: string logLevel: - description: LogLevel controls the log level of the generated pods. - Defaults to "info" if not set. type: string logs: - description: Logs controls the logging subsystem of the Agent and - settings unique to logging-specific pods that are deployed. properties: clients: - description: A global set of clients to use when a discovered - LogsInstance does not have any clients defined. items: - description: LogsClientSpec defines the client integration for - logs, indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when - a request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -3913,70 +1894,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending - a batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time - series when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -3984,21 +1935,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4007,15 +1949,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4024,64 +1963,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond - to a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used - when the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4089,51 +1998,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4141,89 +2027,46 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must - be a full HTTP URL, including protocol. Required. Example: - https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value will always be the namespace of the object that is being - created. type: string ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector - settings from the PodLogs configs, and they will only discover - endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector are the set of labels to - determine which namespaces to watch for LogInstances. If not - provided, only checks own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4235,42 +2078,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which LogInstances should - be selected for running. Each instance runs its own set of Prometheus - components, including service discovery, scraping, and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4282,98 +2102,43 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic logsExternalLabelName: - description: LogsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - External label will _not_ be added when value is set to the - empty string. type: string type: object metrics: - description: Metrics controls the metrics subsystem of the Agent and - settings unique to metrics-specific pods that are deployed. properties: arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a ServiceMonitor can access arbitrary files on the - file system of the Grafana Agent container, e.g., bearer token - files. properties: deny: type: boolean type: object enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value is always the namespace of the object that is being created. type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines a global limit on the - number of scraped samples that are accepted. This overrides - any SampleLimit set per ServiceMonitor and/or PodMonitor. It - is meant to be used by admins to enforce the SampleLimit to - keep the overall number of samples and series under the desired - limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor - is lower, that value is used instead. format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the - number of scraped targets. This overrides any TargetLimit set - per ServiceMonitor and/or PodMonitor. It is meant to be used - by admins to enforce the TargetLimit to keep the overall number - of targets under the desired limit. Note that if a TargetLimit - from a ServiceMonitor or PodMonitor is higher, that value is - used instead. format: int64 type: integer externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data over remote_write. type: object ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector - settings from the PodMonitor and ServiceMonitor configs, so - that they only discover endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector is the set of labels that - determines which namespaces to watch for MetricsInstances. If - not provided, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4385,43 +2150,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which MetricsInstances - should be selected for running. Each instance runs its own set - of Metrics components, including service discovery, scraping, - and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4433,77 +2174,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic metricsExternalLabelName: - description: MetricsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - The external label is _not_ added when the value is set to the - empty string. type: string overrideHonorLabels: - description: OverrideHonorLabels, if true, overrides all configured - honor_labels read from ServiceMonitor or PodMonitor and sets - them to false. type: boolean overrideHonorTimestamps: - description: OverrideHonorTimestamps allows global enforcement - for honoring timestamps in all scrape configs. type: boolean remoteWrite: - description: RemoteWrite controls default remote_write settings - for all instances. If an instance does not provide its own RemoteWrite - settings, these will be used instead. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4511,82 +2214,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to - be sent along with each remote_write request. Be aware - that any headers set by Grafana Agent itself can't be - overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent - to remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging - in order to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4594,21 +2260,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4617,15 +2274,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4634,109 +2288,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write - queue parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a - sample will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times - to retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number - of samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. - MinBackoff is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when - encountering rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to - the remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication - to the remote_write endpoint. SigV4-based authentication - is used if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API - access key to use for signing. If not provided, the - environment variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use - for authentication. type: string region: - description: Region of the AWS endpoint. If blank, the - region from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for - authentication, as an alternative for using the AWS - API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4744,50 +2346,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4795,51 +2375,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4847,59 +2404,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to - relabel samples before they are sent to the remote_write - endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -4925,40 +2456,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the - extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated - source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from - existing labels. Their content is concatenated using - the configured separator and matched against the - configured regular expression for the replace, keep, - and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is - written in a replace action. It is mandatory for - replace actions. Regex capture groups are available. type: string type: object type: array @@ -4967,96 +2478,47 @@ spec: type: object type: array replicaExternalLabelName: - description: ReplicaExternalLabelName is the name of the metrics - external label used to denote the replica name. Defaults to - __replica__. The external label is _not_ added when the value - is set to the empty string. type: string replicas: - description: Replicas of each shard to deploy for metrics pods. - Number of replicas multiplied by the number of shards is the - total number of pods created. format: int32 type: integer scrapeInterval: - description: ScrapeInterval is the time between consecutive scrapes. type: string scrapeTimeout: - description: ScrapeTimeout is the time to wait for a target to - respond before marking a scrape as failed. type: string shards: - description: Shards to distribute targets onto. Number of replicas - multiplied by the number of shards is the total number of pods - created. Note that scaling down shards does not reshard data - onto remaining instances; it must be manually moved. Increasing - shards does not reshard data either, but it will continue to - be available from the same instances. Sharding is performed - on the content of the __address__ target meta-label. format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: NodeSelector defines which nodes pods should be scheduling - on. type: object paused: - description: Paused prevents actions except for deletion to be performed - on the underlying managed objects. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to created Grafana Agent pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to agent-metrics. type: string priorityClassName: - description: PriorityClassName is the priority class assigned to pods. type: string resources: - description: Resources holds requests and limits for individual pods. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5072,8 +2534,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5082,151 +2542,60 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: RuntimeClassName is the runtime class assigned to pods. type: string secrets: - description: Secrets is a list of secrets in the same namespace as - the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The secrets are mounted into /var/lib/grafana-agent/extra-secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. When unspecified, defaults to the default - PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies to - the container. type: string role: - description: Role is a SELinux role label that applies to - the container. type: string type: - description: Type is a SELinux type label that applies to - the container. type: string user: - description: User is a SELinux user label that applies to - the container. type: string type: object seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. items: - description: Sysctl defines a kernel parameter to be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name @@ -5234,146 +2603,53 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use for running Grafana Agent pods. type: string storage: - description: Storage spec to specify how storage will be used. properties: disableMountSubPath: - description: '*Deprecated: subPath usage will be removed in a - future release.*' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. - If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. - This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, - starting with k8s 1.19, it requires enabling the GenericEphemeralVolume - feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC will - be deleted together with the pod. The name of the PVC will - be `-` where `` is the - name from the `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated name is not valid - for a PVC (for example, too long). \n An existing PVC with - that name that is not owned by the pod will *not* be used - for the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated PVC - is removed. If such a pre-created PVC is meant to be used - by the pod, the PVC has to updated with an owner reference - to the pod once the pod exists. Normally this should not - be necessary, but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only and no changes - will be made by Kubernetes to the PVC after it has been - created. \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations that will - be copied into the PVC when creating it. No other fields - are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -5381,90 +2657,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. type: string required: - name @@ -5480,8 +2691,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5490,43 +2699,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. items: type: string type: array @@ -5538,27 +2722,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. type: string type: object required: @@ -5566,87 +2737,37 @@ spec: type: object type: object volumeClaimTemplate: - description: Defines the PVC spec to be used by the Prometheus - StatefulSets. The easiest way to use a volume that cannot be - automatically provisioned is to use a label selector alongside - manually created PersistentVolumes. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Defines the desired characteristics of a volume - requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on the - contents of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef contents - will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, then - dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -5654,85 +2775,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they - must have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, both - fields (dataSource and dataSourceRef) will be set to - the same value automatically if one of them is empty - and the other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the same - value and must be empty. There are three important differences - between dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature gate - to be enabled. (Alpha) Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but - must still be higher than capacity recorded in the status - field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5748,8 +2809,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5758,42 +2817,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to - consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -5805,80 +2840,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. type: string type: object status: - description: '*Deprecated: this field is never set.*' properties: accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array allocatedResourceStatuses: additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore - that update and let other controllers handle it. type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n ClaimResourceStatus can be - in any of following states: - ControllerResizeInProgress: - State set when resize controller starts resizing the - volume in control-plane. - ControllerResizeFailed: State - set when resize has failed in resize controller with - a terminal error. - NodeResizePending: State set when - resize controller has finished resizing the volume but - further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it - means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible - for resizing capacity of the volume, should ignore PVC - updates that change other valid resources associated - with PVC. \n This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: @@ -5888,31 +2868,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n Capacity reported here may - be larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. \n A controller that receives - PVC update with previously unknown resourceName should - ignore the update for the purpose it was designed. For - example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: @@ -5921,43 +2876,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. type: object conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contains - details about state of pvc properties: lastProbeTime: - description: lastProbeTime is the time we probed - the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime is the time the - condition transitioned from one status to another. format: date-time type: string message: - description: message is the human-readable message - indicating details about last transition. type: string reason: - description: reason is a unique, this should be - a short, machine understandable string that gives - the reason for condition's last transition. If - it reports "ResizeStarted" that means the underlying - persistent volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -5965,86 +2900,39 @@ spec: type: object type: array phase: - description: phase represents the current phase of PersistentVolumeClaim. type: string type: object type: object type: object tolerations: - description: Tolerations, if specified, controls the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints, if specified, controls the - pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. items: type: string type: array @@ -6056,126 +2944,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' type: string required: - maxSkew @@ -6184,44 +2973,21 @@ spec: type: object type: array version: - description: Version of Grafana Agent to be deployed. type: string volumeMounts: - description: VolumeMounts lets you configure additional VolumeMounts - on the output StatefulSet definition. Specified VolumeMounts are - appended to other VolumeMounts generated as a result of StorageSpec - objects in the Grafana Agent container. items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -6229,224 +2995,106 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. The volumes specified are appended - to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -6454,139 +3102,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -6598,114 +3173,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -6713,94 +3209,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -6816,8 +3243,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6826,46 +3251,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -6877,28 +3274,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -6906,74 +3289,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -6981,184 +3328,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -7166,148 +3417,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7315,91 +3485,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -7411,48 +3532,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7460,45 +3549,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -7507,148 +3570,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -7656,54 +3647,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -7711,76 +3667,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml index e786166447..960b2f73ac 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml @@ -20,55 +20,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: "Integration runs a single Grafana Agent integration. Integrations - that generate telemetry must be configured to send that telemetry somewhere, - such as autoscrape for exporter-based integrations. \n Integrations have - access to the LogsInstances and MetricsInstances in the same GrafanaAgent - resource set, referenced by the / of the Instance resource. - \n For example, if there is a default/production MetricsInstance, you can - configure a supported integration's autoscrape block with: \n autoscrape: - enable: true metrics_instance: default/production \n There is currently - no way for telemetry created by an Operator-managed integration to be collected - from outside of the integration itself." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specifies the desired behavior of the Integration. properties: config: - description: "The configuration for the named integration. Note that - Integrations are deployed with the integrations-next feature flag, - which has different common settings: \n https://grafana.com/docs/agent/latest/configuration/integrations/integrations-next/" type: object x-kubernetes-preserve-unknown-fields: true configMaps: - description: "An extra list of keys from ConfigMaps in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n ConfigMaps are mounted at /etc/grafana-agent/integrations/configMaps///." items: - description: Selects a key from a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be - defined type: boolean required: - key @@ -76,26 +47,15 @@ spec: x-kubernetes-map-type: atomic type: array name: - description: Name of the integration to run (e.g., "node_exporter", - "mysqld_exporter"). type: string secrets: - description: "An extra list of keys from Secrets in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets///." items: - description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -103,60 +63,26 @@ spec: x-kubernetes-map-type: atomic type: array type: - description: Type informs Grafana Agent Operator about how to manage - the integration being configured. properties: allNodes: - description: When true, the configured integration should be run - on every Node in the cluster. This is required for Integrations - that generate Node-specific metrics like node_exporter, otherwise - it must be false to avoid generating duplicate metrics. type: boolean unique: - description: Whether this integration can only be defined once - for a Grafana Agent process, such as statsd_exporter. It is - invalid for a GrafanaAgent to discover multiple unique Integrations - with the same Integration name (i.e., a single GrafanaAgent - cannot deploy two statsd_exporters). type: boolean type: object volumeMounts: - description: "An extra list of VolumeMounts to be associated with - the Grafana Agent pods running this integration. VolumeMount names - are mutated to be unique across all used IntegrationSpecs. \n Mount - paths should include the namespace/name of the Integration CR to - avoid potentially colliding with other resources." items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -164,228 +90,106 @@ spec: type: object type: array volumes: - description: "An extra list of Volumes to be associated with the Grafana - Agent pods running this integration. Volume names are mutated to - be unique across all Integrations. Note that the specified volumes - should be able to tolerate existing on multiple pods at once when - type is daemonset. \n Don't use volumes for loading Secrets or ConfigMaps - from the same namespace as the Integration; use the Secrets and - ConfigMaps fields instead." items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -393,139 +197,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -537,114 +268,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -652,94 +304,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -755,8 +338,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -765,46 +346,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -816,28 +369,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -845,74 +384,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -920,184 +423,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -1105,148 +512,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1254,91 +580,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -1350,48 +627,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1399,45 +644,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -1446,148 +665,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -1595,54 +742,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -1650,76 +762,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml index f36440ab0c..517bb30c2e 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml @@ -20,114 +20,60 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: LogsInstance controls an individual logs instance within a Grafana - Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the logs instance. properties: additionalScrapeConfigs: - description: "AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Grafana Agent logging scrape configurations. - Scrape configurations specified are appended to the configurations - generated by the Grafana Agent Operator. \n Job configurations specified - must have the form as specified in the official Promtail documentation: - \n https://grafana.com/docs/loki/latest/clients/promtail/configuration/#scrape_configs - \n As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Grafana Agent. It is advised to review both - Grafana Agent and Promtail release notes to ensure that no incompatible - scrape configs are going to break Grafana Agent after the upgrade." properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic clients: - description: Clients controls where logs are written to for this instance. items: - description: LogsClientSpec defines the client integration for logs, - indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when a - request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -135,67 +81,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending a - batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -203,19 +122,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -224,15 +136,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -241,61 +150,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond to - a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used when - the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -303,47 +185,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -351,76 +214,42 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must be - a full HTTP URL, including protocol. Required. Example: https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array podLogsNamespaceSelector: - description: Set of labels to determine which namespaces should be - watched for PodLogs. If not provided, checks only namespace of the - instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -432,41 +261,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podLogsSelector: - description: Determines which PodLogs should be selected for including - in this instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -478,20 +285,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetConfig: - description: Configures how tailed targets are watched. properties: syncPeriod: - description: Period to resync directories being watched and files - being tailed to discover new ones or stop watching removed ones. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml index 015c0339ce..610193f440 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml @@ -20,89 +20,41 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: MetricsInstance controls an individual Metrics instance within - a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Metrics instance. properties: additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs lets you specify a key of a - Secret containing additional Grafana Agent Prometheus scrape configurations. - The specified scrape configurations are appended to the configurations - generated by Grafana Agent Operator. Specified job configurations - must have the form specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, you must make sure the configuration - is still valid. Note that it''s possible that this feature will - break future upgrades of Grafana Agent. Review both Grafana Agent - and Prometheus release notes to ensure that no incompatible scrape - configs will break Grafana Agent after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic maxWALTime: - description: MaxWALTime is the maximum amount of time that series - and samples can exist in the WAL before being forcibly deleted. type: string minWALTime: - description: MinWALTime is the minimum amount of time that series - and samples can exist in the WAL before being considered for deletion. type: string podMonitorNamespaceSelector: - description: PodMonitorNamespaceSelector are the set of labels to - determine which namespaces to watch for PodMonitor discovery. If - nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -114,41 +66,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podMonitorSelector: - description: PodMonitorSelector determines which PodMonitors to selected - for target discovery. Experimental. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -160,42 +90,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeNamespaceSelector: - description: ProbeNamespaceSelector is the set of labels that determines - which namespaces to watch for Probe discovery. If nil, it only checks - own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -207,41 +114,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeSelector: - description: ProbeSelector determines which Probes to select for target - discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -253,62 +138,35 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic remoteFlushDeadline: - description: RemoteFlushDeadline is the deadline for flushing data - when an instance shuts down. type: string remoteWrite: - description: RemoteWrite controls remote_write settings for this instance. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -316,78 +174,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to be sent - along with each remote_write request. Be aware that any headers - set by Grafana Agent itself can't be overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent to - remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging in order - to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -395,19 +220,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -416,15 +234,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -433,106 +248,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write queue - parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of - samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. MinBackoff - is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when encountering - rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to the - remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication to - the remote_write endpoint. SigV4-based authentication is used - if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API access - key to use for signing. If not provided, the environment - variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use for - authentication. type: string region: - description: Region of the AWS endpoint. If blank, the region - from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for authentication, - as an alternative for using the AWS API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -540,47 +306,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -588,47 +335,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -636,57 +364,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to relabel - samples before they are sent to the remote_write endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -712,39 +416,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array @@ -753,33 +438,15 @@ spec: type: object type: array serviceMonitorNamespaceSelector: - description: ServiceMonitorNamespaceSelector is the set of labels - that determine which namespaces to watch for ServiceMonitor discovery. - If nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -791,41 +458,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic serviceMonitorSelector: - description: ServiceMonitorSelector determines which ServiceMonitors - to select for target discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -837,23 +482,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic walTruncateFrequency: - description: WALTruncateFrequency specifies how frequently to run - the WAL truncation process. Higher values cause the WAL to increase - and for old series to stay in the WAL longer, but reduces the chance - of data loss when remote_write fails for longer than the given frequency. type: string writeStaleOnShutdown: - description: WriteStaleOnShutdown writes staleness markers on shutdown - for all series. type: boolean type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml index ff6531f61e..f22d051b51 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml @@ -20,325 +20,146 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: PodLogs defines how to collect logs for a pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the PodLogs. properties: jobLabel: - description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Pod objects are - discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object pipelineStages: - description: Pipeline stages for this pod. Pipeline stages support - transforming and filtering log lines. items: - description: "PipelineStageSpec defines an individual pipeline stage. - Each stage type is mutually exclusive and no more than one may - be set per stage. \n More information on pipelines can be found - in the Promtail documentation: https://grafana.com/docs/loki/latest/clients/promtail/pipelines/" properties: cri: - description: 'CRI is a parsing stage that reads log lines using - the standard CRI logging format. Supply cri: {} to enable.' type: object docker: - description: 'Docker is a parsing stage that reads log lines - using the standard Docker logging format. Supply docker: {} - to enable.' type: object drop: - description: Drop is a filtering stage that lets you drop certain - logs. properties: dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "drop_stage". type: string expression: - description: "RE2 regular expression. \n If source is provided, - the regex attempts to match the source. \n If no source - is provided, then the regex attempts to attach the log - line. \n If the provided regex matches the log line or - a provided source, the line is dropped." type: string longerThan: - description: LongerThan will drop a log line if it its content - is longer than this value (in bytes). Can be expressed - as an integer (8192) or a number with a suffix (8kb). type: string olderThan: - description: OlderThan will be parsed as a Go duration. - If the log line's timestamp is older than the current - time minus the provided duration, it will be dropped. type: string source: - description: Name from the extract data to parse. If empty, - uses the log message. type: string value: - description: "Value can only be specified when source is - specified. If the value provided is an exact match for - the given source then the line will be dropped. \n Mutually - exclusive with expression." type: string type: object json: - description: "JSON is a parsing stage that reads the log line - as JSON and accepts JMESPath expressions to extract data. - \n Information on JMESPath: http://jmespath.org/" properties: expressions: additionalProperties: type: string - description: "Set of the key/value pairs of JMESPath expressions. - The key will be the key in the extracted data while the - expression will be the value, evaluated as a JMESPath - from the source data. \n Literal JMESPath expressions - can be used by wrapping a key in double quotes, which - then must be wrapped again in single quotes in YAML so - they get passed to the JMESPath parser." type: object source: - description: Name from the extracted data to parse as JSON. - If empty, uses entire log message. type: string type: object labelAllow: - description: LabelAllow is an action stage that only allows - the provided labels to be included in the label set that is - sent to Loki with the log entry. items: type: string type: array labelDrop: - description: LabelDrop is an action stage that drops labels - from the label set that is sent to Loki with the log entry. items: type: string type: array labels: additionalProperties: type: string - description: "Labels is an action stage that takes data from - the extracted map and modifies the label set that is sent - to Loki with the log entry. \n The key is REQUIRED and represents - the name for the label that will be created. Value is optional - and will be the name from extracted data to use for the value - of the label. If the value is not provided, it defaults to - match the key." type: object limit: - description: Limit is a rate-limiting stage that throttles logs - based on several options. properties: burst: - description: The cap in the quantity of burst lines that - Promtail will push to Loki. type: integer drop: - description: "When drop is true, log lines that exceed the - current rate limit are discarded. When drop is false, - log lines that exceed the current rate limit wait to enter - the back pressure mode. \n Defaults to false." type: boolean rate: - description: The rate limit in lines per second that Promtail - will push to Loki. type: integer type: object match: - description: Match is a filtering stage that conditionally applies - a set of stages or drop entries when a log entry matches a - configurable LogQL stream selector and filter expressions. properties: action: - description: Determines what action is taken when the selector - matches the log line. Can be keep or drop. Defaults to - keep. When set to drop, entries are dropped and no later - metrics are recorded. Stages must be empty when dropping - metrics. type: string dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "match_stage." type: string pipelineName: - description: Names the pipeline. When defined, creates an - additional label in the pipeline_duration_seconds histogram, - where the value is concatenated with job_name using an - underscore. type: string selector: - description: LogQL stream selector and filter expressions. - Required. type: string stages: - description: "Nested set of pipeline stages to execute when - action is keep and the log line matches selector. \n An - example value for stages may be: \n stages: | - json: - {} - labelAllow: [foo, bar] \n Note that stages is a string - because SIG API Machinery does not support recursive types, - and so it cannot be validated for correctness. Be careful - not to mistype anything." type: string required: - selector type: object metrics: additionalProperties: - description: MetricsStageSpec is an action stage that allows - for defining and updating metrics based on data from the - extracted map. Created metrics are not pushed to Loki or - Prometheus and are instead exposed via the /metrics endpoint - of the Grafana Agent pod. The Grafana Agent Operator should - be configured with a MetricsInstance that discovers the - logging DaemonSet to collect metrics created by this stage. properties: action: - description: "The action to take against the metric. Required. - \n Must be either \"inc\" or \"add\" for type: counter - or type: histogram. When type: gauge, must be one of - \"set\", \"inc\", \"dec\", \"add\", or \"sub\". \n \"add\", - \"set\", or \"sub\" requires the extracted value to - be convertible to a positive float." type: string buckets: - description: 'Buckets to create. Bucket values must be - convertible to float64s. Extremely large or small numbers - are subject to some loss of precision. Only valid for - type: histogram.' items: type: string type: array countEntryBytes: - description: "If true all log line bytes are counted. - Can only be set with matchAll: true and action: add. - \n Only valid for type: counter." type: boolean description: - description: Sets the description for the created metric. type: string matchAll: - description: "If true, all log lines are counted without - attempting to match the source to the extracted map. - Mutually exclusive with value. \n Only valid for type: - counter." type: boolean maxIdleDuration: - description: "Label values on metrics are dynamic which - can cause exported metrics to go stale. To prevent unbounded - cardinality, any metrics not updated within MaxIdleDuration - are removed. \n Must be greater or equal to 1s. Defaults - to 5m." type: string prefix: - description: Sets the custom prefix name for the metric. - Defaults to "promtail_custom_". type: string source: - description: Key from the extracted data map to use for - the metric. Defaults to the metrics name if not present. type: string type: - description: The metric type to create. Must be one of - counter, gauge, histogram. Required. type: string value: - description: Filters down source data and only changes - the metric if the targeted value matches the provided - string exactly. If not present, all data matches. type: string required: - action - type type: object - description: Metrics is an action stage that supports defining - and updating metrics based on data from the extracted map. - Created metrics are not pushed to Loki or Prometheus and are - instead exposed via the /metrics endpoint of the Grafana Agent - pod. The Grafana Agent Operator should be configured with - a MetricsInstance that discovers the logging DaemonSet to - collect metrics created by this stage. type: object multiline: - description: Multiline stage merges multiple lines into a multiline - block before passing it on to the next stage in the pipeline. properties: firstLine: - description: RE2 regular expression. Creates a new multiline - block when matched. Required. type: string maxLines: - description: Maximum number of lines a block can have. A - new block is started if the number of lines surpasses - this value. Defaults to 128. type: integer maxWaitTime: - description: Maximum time to wait before passing on the - multiline block to the next stage if no new lines are - received. Defaults to 3s. type: string required: - firstLine type: object output: - description: Output stage is an action stage that takes data - from the extracted map and changes the log line that will - be sent to Loki. properties: source: - description: Name from extract data to use for the log entry. - Required. type: string required: - source type: object pack: - description: Pack is a transform stage that lets you embed extracted - values and labels into the log line by packing the log line - and labels inside of a JSON object. properties: ingestTimestamp: - description: If the resulting log line should use any existing - timestamp or use time.Now() when the line was created. - Set to true when combining several log streams from different - containers to avoid out of order errors. type: boolean labels: - description: Name from extracted data or line labels. Required. - Labels provided here are automatically removed from output - labels. items: type: string type: array @@ -346,107 +167,57 @@ spec: - labels type: object regex: - description: Regex is a parsing stage that parses a log line - using a regular expression. Named capture groups in the regex - allows for adding data into the extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object replace: - description: Replace is a parsing stage that parses a log line - using a regular expression and replaces the log line. Named - capture groups in the regex allows for adding data into the - extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string replace: - description: Value to replace the captured group with. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object template: - description: Template is a transform stage that manipulates - the values in the extracted map using Go's template syntax. properties: source: - description: Name from extracted data to parse. Required. - If empty, defaults to using the log message. type: string template: - description: Go template string to use. Required. In addition - to normal template functions, ToLower, ToUpper, Replace, - Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are - also available. type: string required: - source - template type: object tenant: - description: Tenant is an action stage that sets the tenant - ID for the log entry picking it from a field in the extracted - data map. If the field is missing, the default LogsClientSpec.tenantId - will be used. properties: label: - description: Name from labels whose value should be set - as tenant ID. Mutually exclusive with source and value. type: string source: - description: Name from extracted data to use as the tenant - ID. Mutually exclusive with label and value. type: string value: - description: Value to use for the template ID. Useful when - this stage is used within a conditional pipeline such - as match. Mutually exclusive with label and source. type: string type: object timestamp: - description: Timestamp is an action stage that can change the - timestamp of a log line before it is sent to Loki. If not - present, the timestamp of a log line defaults to the time - when the log line was read. properties: actionOnFailure: - description: Action to take when the timestamp can't be - extracted or parsed. Can be skip or fudge. Defaults to - fudge. type: string fallbackFormats: - description: Fallback formats to try if format fails. items: type: string type: array format: - description: 'Determines format of the time string. Required. - Can be one of: ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, - RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Unix, - UnixMs, UnixUs, UnixNs.' type: string location: - description: IANA Timezone Database string. type: string source: - description: Name from extracted data to use as the timestamp. - Required. type: string required: - format @@ -455,26 +226,14 @@ spec: type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array relabelings: - description: "RelabelConfigs to apply to logs before delivering. Grafana - Agent Operator automatically adds relabelings for a few standard - Kubernetes fields and replaces original scrape job name with __tmp_logs_job_name. - \n More info: https://grafana.com/docs/loki/latest/clients/promtail/configuration/#relabel_configs" items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -500,67 +259,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array selector: - description: Selector to select Pod objects. Required. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -572,11 +297,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 4df2427768..d2ba96000f 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.39.1 + tag: v0.40.0 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From a7ede052a7a44824db99477d21f580ba4adfe72a Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:32:10 +0100 Subject: [PATCH 149/211] Update doc Signed-off-by: jcreixell Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/agent-operator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index befe252886..09b1f5cf61 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) +![Version: 0.3.16](https://img.shields.io/badge/Version-0.3.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator From bd3913c3188f4fec8f00261122f4be5f6deb8c92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 26 Feb 2024 13:17:24 +0100 Subject: [PATCH 150/211] Separately configure automountServiceAccountToken MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/templates/_pod.tpl | 2 +- charts/grafana/values.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index 80fb466097..ed22993c96 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -5,7 +5,7 @@ schedulerName: "{{ . }}" {{- end }} serviceAccountName: {{ include "grafana.serviceAccountName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} +automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 2 }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index a5b72c0ecb..b965d185e3 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -48,6 +48,9 @@ replicas: 1 ## Create a headless service for the deployment headlessService: false +## Should the service account be auto mounted on the pod +automountServiceAccountToken: true + ## Create HorizontalPodAutoscaler object for deployment type # autoscaling: From 8b33737b5ef0a2bcde433a9c3af7f9884c48035e Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:20:19 +0100 Subject: [PATCH 151/211] chore: Bump kiwigrid/k8s-sidecar:v1.26.0 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 41c33cfe09..0ea5cdaf01 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -161,7 +161,7 @@ need to instead set `global.imageRegistry`. | `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.registry` | Sidecar image registry | `quay.io` | | `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.25.6` | +| `sidecar.image.tag` | Sidecar image tag | `1.26.0` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | From 8a4f035e6c44e01b2a4706ca8c1d68ea0734315b Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:20:46 +0100 Subject: [PATCH 152/211] chore: Bump kiwigrid/k8s-sidecar:1.26.0 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index b965d185e3..ec9584d5c0 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -836,7 +836,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 1.25.6 + tag: 1.26.0 sha: "" imagePullPolicy: IfNotPresent resources: {} From 77a65b636cd979ed9e68f42c254ba49911c2fdbf Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:21:14 +0100 Subject: [PATCH 153/211] chore: Bump Chart Version Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 58b806fd97..56a93c042e 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.3 +version: 7.3.4 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From babd3b222e2a65b83e113bbbff533bc5b3b3575e Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Thu, 29 Feb 2024 08:39:53 +0100 Subject: [PATCH 154/211] Update Loki to version 2.9.5 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 4535797966..5ce722bf85 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.4 -version: 0.78.3 +appVersion: 2.9.5 +version: 0.78.4 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index d9fbdd1d1e..d1aada7ba8 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.3](https://img.shields.io/badge/Version-0.78.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) +![Version: 0.78.4](https://img.shields.io/badge/Version-0.78.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 6162f55ec4f4f2eab4ba46fa05653606f22a9496 Mon Sep 17 00:00:00 2001 From: Jan Jansen Date: Thu, 7 Dec 2023 08:46:58 +0100 Subject: [PATCH 155/211] [tempo-distributed] switch to new overrides format Signed-off-by: Jan Jansen --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 15 ++++++++++----- charts/tempo-distributed/README.md.gotmpl | 12 +++++++++--- charts/tempo-distributed/values.yaml | 8 -------- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 6e04c1a684..5f9ec77378 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.8.4 +version: 1.8.5 appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 2518eeec02..de831de8bb 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.8.4](https://img.shields.io/badge/Version-1.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.8.5](https://img.shields.io/badge/Version-1.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -45,6 +45,10 @@ The command removes all the Kubernetes components associated with the chart and A major chart version change indicates that there is an incompatible breaking change needing manual actions. +### From Chart versions < 1.8.0 + +Switch to new overrides format, see https://grafana.com/docs/tempo/latest/configuration/#overrides. + ### From Chart versions < 1.6.0 The metrics generator component in the chart has been disabled by default, but the configuration for the processors was not empty, resulting error sin the distributor log. Here we align the default metrics generator config settings to both disable the generator and remove processors. Users who wish to keep the their processors enabled, will need to update their values. @@ -452,7 +456,6 @@ The memcached default args are removed and should be provided manually. The sett | global.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets for all images, excluding enterprise. Names of existing secrets with private container registry credentials. Ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod Example: pullSecrets: [ my-dockerconfigjson-secret ] | | global.image.registry | string | `"docker.io"` | Overrides the Docker registry globally for all images, excluding enterprise. | | global.priorityClassName | string | `nil` | Overrides the priorityClassName for all pods | -| global_overrides.metrics_generator_processors | list | `[]` | List of enabled metrics generator processors ([service-graphs, span-metrics]) | | global_overrides.per_tenant_override_config | string | `"/runtime-config/overrides.yaml"` | | | ingester.affinity | string | Soft node and soft zone anti-affinity | Affinity for ingester pods. Passed through `tpl` and, thus, to be configured as string | | ingester.annotations | object | `{}` | Annotations for the ingester StatefulSet | @@ -840,9 +843,11 @@ metricsGenerator: # x-scope-orgid: operations # Global overrides global_overrides: - metrics_generator_processors: - - service-graphs - - span-metrics + defaults: + metrics_generator: + processors: + - service-graphs + - span-metrics ``` ---- diff --git a/charts/tempo-distributed/README.md.gotmpl b/charts/tempo-distributed/README.md.gotmpl index 2df88f9e03..72219e0359 100644 --- a/charts/tempo-distributed/README.md.gotmpl +++ b/charts/tempo-distributed/README.md.gotmpl @@ -39,6 +39,10 @@ The command removes all the Kubernetes components associated with the chart and A major chart version change indicates that there is an incompatible breaking change needing manual actions. +### From Chart versions < 1.8.0 + +Switch to new overrides format, see https://grafana.com/docs/tempo/latest/configuration/#overrides. + ### From Chart versions < 1.6.0 The metrics generator component in the chart has been disabled by default, but the configuration for the processors was not empty, resulting error sin the distributor log. Here we align the default metrics generator config settings to both disable the generator and remove processors. Users who wish to keep the their processors enabled, will need to update their values. @@ -261,9 +265,11 @@ metricsGenerator: # x-scope-orgid: operations # Global overrides global_overrides: - metrics_generator_processors: - - service-graphs - - span-metrics + defaults: + metrics_generator: + processors: + - service-graphs + - span-metrics ``` ---- diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 71b84f4dff..3955e5c1bd 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1255,12 +1255,6 @@ config: | - dns+{{ include "tempo.fullname" . }}-gossip-ring:{{ .Values.memberlist.bind_port }} overrides: {{- toYaml .Values.global_overrides | nindent 2 }} - {{- if .Values.metricsGenerator.enabled }} - metrics_generator_processors: - {{- range .Values.global_overrides.metrics_generator_processors }} - - {{ . }} - {{- end }} - {{- end }} server: http_listen_port: {{ .Values.server.httpListenPort }} log_level: {{ .Values.server.logLevel }} @@ -1359,8 +1353,6 @@ storage: # Global overrides global_overrides: per_tenant_override_config: /runtime-config/overrides.yaml - # -- List of enabled metrics generator processors ([service-graphs, span-metrics]) - metrics_generator_processors: [] # Per tenants overrides overrides: | From 3831194ba2abd2a0ca7a14ca00e578f8e9d2abc6 Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Thu, 29 Feb 2024 15:18:31 -0500 Subject: [PATCH 156/211] [agent-operator] update helm chart for v0.40.1 (#3004) Signed-off-by: Robert Fratto --- charts/agent-operator/Chart.yaml | 4 ++-- charts/agent-operator/README.md | 4 ++-- charts/agent-operator/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index ed134809be..19bbce5cb8 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.16 -appVersion: "0.40.0" +version: 0.3.17 +appVersion: "0.40.1" home: https://grafana.com/docs/agent/v0.40/ icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 09b1f5cf61..f9f3657974 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.16](https://img.shields.io/badge/Version-0.3.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) +![Version: 0.3.17](https://img.shields.io/badge/Version-0.3.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.1](https://img.shields.io/badge/AppVersion-0.40.1-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.0"` | Image tag | +| image.tag | string | `"v0.40.1"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index d2ba96000f..3592169353 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.0 + tag: v0.40.1 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From c496df41b1c7a0187ccf93aa37c43d155b9a8c1b Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Tue, 5 Mar 2024 16:20:17 -0500 Subject: [PATCH 157/211] [agent-operator] Bump version of Grafana Agent to v0.40.2 (#3007) Signed-off-by: Robert Fratto --- charts/agent-operator/Chart.yaml | 4 ++-- charts/agent-operator/README.md | 4 ++-- charts/agent-operator/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 19bbce5cb8..f709132ebb 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.17 -appVersion: "0.40.1" +version: 0.3.18 +appVersion: "0.40.2" home: https://grafana.com/docs/agent/v0.40/ icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index f9f3657974..79833c180e 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.17](https://img.shields.io/badge/Version-0.3.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.1](https://img.shields.io/badge/AppVersion-0.40.1-informational?style=flat-square) +![Version: 0.3.18](https://img.shields.io/badge/Version-0.3.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.2](https://img.shields.io/badge/AppVersion-0.40.2-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.1"` | Image tag | +| image.tag | string | `"v0.40.2"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 3592169353..cd1c3618cb 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.1 + tag: v0.40.2 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 1fdc908daf5326c54b6c333c3391aced39c4be4d Mon Sep 17 00:00:00 2001 From: Tero Paloheimo Date: Fri, 8 Mar 2024 19:14:51 +0200 Subject: [PATCH 158/211] [grafana] Update to version 10.4.0 Signed-off-by: Tero Paloheimo --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 58b806fd97..839240051d 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.3.3 -appVersion: 10.3.3 +version: 7.3.4 +appVersion: 10.4.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From e510ba7e52b8c6b1fae46de38f5cf38875aa2355 Mon Sep 17 00:00:00 2001 From: MH Date: Mon, 11 Mar 2024 16:26:32 +0800 Subject: [PATCH 159/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 56a93c042e..27d41d8200 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.4 +version: 7.3.5 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 94d460c37d11577460112d8c28947cf576210992 Mon Sep 17 00:00:00 2001 From: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Mon, 11 Mar 2024 09:39:15 +0100 Subject: [PATCH 160/211] [grafana] bump kiwigrid/k8s-sidecar to 1.26.1 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- charts/grafana/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 27d41d8200..0d8eb8364d 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.5 +version: 7.3.6 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 65dabd2506..81fcda59a0 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -839,7 +839,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 1.26.0 + tag: 1.26.1 sha: "" imagePullPolicy: IfNotPresent resources: {} From 1b924fd98cce79db48b97840e555eb3d8ef1817d Mon Sep 17 00:00:00 2001 From: Piotr Gwizdala <17101802+thampiotr@users.noreply.github.com> Date: Thu, 14 Mar 2024 16:42:48 +0000 Subject: [PATCH 161/211] [agent-operator] update helm chart to use new agent version Signed-off-by: Piotr Gwizdala <17101802+thampiotr@users.noreply.github.com> --- charts/agent-operator/Chart.yaml | 8 ++++---- charts/agent-operator/README.md | 6 +++--- charts/agent-operator/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index f709132ebb..d9125e9eba 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.18 -appVersion: "0.40.2" +version: 0.3.19 +appVersion: "0.40.3" home: https://grafana.com/docs/agent/v0.40/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.3/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.40.0/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.3/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 79833c180e..7a5187eee1 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.18](https://img.shields.io/badge/Version-0.3.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.2](https://img.shields.io/badge/AppVersion-0.40.2-informational?style=flat-square) +![Version: 0.3.19](https://img.shields.io/badge/Version-0.3.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.2"` | Image tag | +| image.tag | string | `"v0.40.3"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index cd1c3618cb..57d3991f65 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.2 + tag: v0.40.3 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 493018983d58813ec1d53059c064ada2b3f0415d Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Mon, 4 Mar 2024 23:24:19 +0100 Subject: [PATCH 162/211] use new cache config, update tempo to 2.4, update chart version Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/values.yaml | 22 ++++++++++++++-------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 5f9ec77378..1e0da083bd 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.8.5 -appVersion: 2.3.1 +version: 1.9.0 +appVersion: 2.4.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 3955e5c1bd..4e64b1bf8d 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1263,6 +1263,20 @@ config: | grpc_server_max_send_msg_size: {{ .Values.server.grpc_server_max_send_msg_size }} http_server_read_timeout: {{ .Values.server.http_server_read_timeout }} http_server_write_timeout: {{ .Values.server.http_server_write_timeout }} + {{- if .Values.memcached.enabled }} + cache: + caches: + - roles: + - parquet-footer + - parquet-column-idx + - parquet-offset-idx + - frontend-search + memcached: + consistent_hash: true + host: {{ include "tempo.fullname" . }}-memcached + service: memcached-client + timeout: 500ms + {{- end }} storage: trace: {{- if .Values.storage.trace.block.version }} @@ -1294,14 +1308,6 @@ config: | path: /var/tempo/traces wal: path: /var/tempo/wal - {{- if .Values.memcached.enabled }} - cache: memcached - memcached: - consistent_hash: true - host: {{ include "tempo.fullname" . }}-memcached - service: memcached-client - timeout: 500ms - {{- end }} # Set Tempo server configuration # Refers to https://grafana.com/docs/tempo/latest/configuration/#server From 28bb52592b5d59518db785be7d0138f79a422cc2 Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Mon, 4 Mar 2024 23:28:53 +0100 Subject: [PATCH 163/211] update docs Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index de831de8bb..4c91447334 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.8.5](https://img.shields.io/badge/Version-1.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.9.0](https://img.shields.io/badge/Version-1.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) Grafana Tempo in MicroService mode From 4b1fdf03cc1d8dbf1445a6c3442d581380d247f4 Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Mon, 4 Mar 2024 23:38:25 +0100 Subject: [PATCH 164/211] Add bloom to the cache role Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 4e64b1bf8d..428af32fc4 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1270,6 +1270,7 @@ config: | - parquet-footer - parquet-column-idx - parquet-offset-idx + - bloom - frontend-search memcached: consistent_hash: true From 5fd216a760d52a5ba88536c2a410f3ad3195516b Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Thu, 14 Mar 2024 20:28:28 +0100 Subject: [PATCH 165/211] make cache configurable and add comments Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/README.md | 7 +++++++ charts/tempo-distributed/values.yaml | 30 +++++++++++++++------------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 4c91447334..9fafbd224c 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -244,6 +244,13 @@ The memcached default args are removed and should be provided manually. The sett | adminApi.terminationGracePeriodSeconds | int | `60` | | | adminApi.tolerations | list | `[]` | | | adminApi.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for admin-api pods. Passed through `tpl` and, thus, to be configured as string | +| cache.caches[0].memcached.consistent_hash | bool | `true` | | +| cache.caches[0].memcached.host | string | `"{{ include \"tempo.fullname\" . }}-memcached"` | | +| cache.caches[0].memcached.service | string | `"memcached-client"` | | +| cache.caches[0].memcached.timeout | string | `"500ms"` | | +| cache.caches[0].roles[0] | string | `"parquet-footer"` | | +| cache.caches[0].roles[1] | string | `"bloom"` | | +| cache.caches[0].roles[2] | string | `"frontend-search"` | | | compactor.config.compaction.block_retention | string | `"48h"` | Duration to keep blocks | | compactor.config.compaction.compacted_block_retention | string | `"1h"` | | | compactor.config.compaction.compaction_cycle | string | `"30s"` | The time between compaction cycles | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 428af32fc4..a35fabef0f 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1263,21 +1263,8 @@ config: | grpc_server_max_send_msg_size: {{ .Values.server.grpc_server_max_send_msg_size }} http_server_read_timeout: {{ .Values.server.http_server_read_timeout }} http_server_write_timeout: {{ .Values.server.http_server_write_timeout }} - {{- if .Values.memcached.enabled }} cache: - caches: - - roles: - - parquet-footer - - parquet-column-idx - - parquet-offset-idx - - bloom - - frontend-search - memcached: - consistent_hash: true - host: {{ include "tempo.fullname" . }}-memcached - service: memcached-client - timeout: 500ms - {{- end }} + {{- toYaml .Values.cache | nindent 2}} storage: trace: {{- if .Values.storage.trace.block.version }} @@ -1328,6 +1315,21 @@ server: # -- Write timeout for HTTP server http_server_write_timeout: 30s +# Use this block to configure caches available throughout the application. +# Multiple caches can be created and assigned roles which determine how they are used by Tempo. +# https://grafana.com/docs/tempo/latest/configuration/#cache +cache: + caches: + - memcached: + host: '{{ include "tempo.fullname" . }}-memcached' + service: memcached-client + consistent_hash: true + timeout: 500ms + roles: + - parquet-footer + - bloom + - frontend-search + # To configure a different storage backend instead of local storage: # storage: # trace: From abc03f1ad59f36c27a1725e24acd790717f2ed6e Mon Sep 17 00:00:00 2001 From: Pete Wall Date: Tue, 19 Mar 2024 10:28:59 -0500 Subject: [PATCH 166/211] Add info about the Kubernetes Monitoring helm chart and a reference to its source repository. Signed-off-by: Pete Wall --- charts/k8s-monitoring/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 charts/k8s-monitoring/README.md diff --git a/charts/k8s-monitoring/README.md b/charts/k8s-monitoring/README.md new file mode 100644 index 0000000000..eda14dbec7 --- /dev/null +++ b/charts/k8s-monitoring/README.md @@ -0,0 +1,8 @@ +# Kubernetes Monitoring chart + +The source for the Kubernetes Monitoring Helm chart can be found at +. +Releases of the chart are still published to the +repository. + +If you have any issues with this chart, please file them on the [Kubernetes Monitoring Helm chart][https://github.com/grafana/k8s-monitoring-helm] repository. From a48b70f066d70d134a55962b2eb83d5e94fd6b94 Mon Sep 17 00:00:00 2001 From: Pete Wall Date: Tue, 19 Mar 2024 12:55:53 -0500 Subject: [PATCH 167/211] Update README.md Signed-off-by: Pete Wall --- charts/k8s-monitoring/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/k8s-monitoring/README.md b/charts/k8s-monitoring/README.md index eda14dbec7..cb8bfad19c 100644 --- a/charts/k8s-monitoring/README.md +++ b/charts/k8s-monitoring/README.md @@ -5,4 +5,4 @@ The source for the Kubernetes Monitoring Helm chart can be found at Releases of the chart are still published to the repository. -If you have any issues with this chart, please file them on the [Kubernetes Monitoring Helm chart][https://github.com/grafana/k8s-monitoring-helm] repository. +If you have any issues with this chart, please file them on the [Kubernetes Monitoring Helm chart](https://github.com/grafana/k8s-monitoring-helm) repository. From 6d17b3fccc459f3f0490d046981a7b7528c266ca Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Tue, 26 Mar 2024 17:32:11 +0200 Subject: [PATCH 168/211] [tempo-distributed]: add action to to relable Signed-off-by: AvivGuiser --- charts/tempo-distributed/templates/lib/service-monitor.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/tempo-distributed/templates/lib/service-monitor.tpl b/charts/tempo-distributed/templates/lib/service-monitor.tpl index a068dff4a4..896110f61b 100644 --- a/charts/tempo-distributed/templates/lib/service-monitor.tpl +++ b/charts/tempo-distributed/templates/lib/service-monitor.tpl @@ -47,7 +47,8 @@ spec: scrapeTimeout: {{ . }} {{- end }} relabelings: - - sourceLabels: [job] + - action: replace + sourceLabels: [job] replacement: "{{ $.ctx.Release.Namespace }}/{{ $.component }}" targetLabel: job {{- if kindIs "string" .clusterLabel }} From 9f4977690ec32a652182352c45773279c4f3c499 Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Tue, 26 Mar 2024 17:35:21 +0200 Subject: [PATCH 169/211] [tempo-distributed]: bump chart version Signed-off-by: AvivGuiser --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 1e0da083bd..e9936a850e 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.0 +version: 1.9.1 appVersion: 2.4.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From e9bbb485d1a7ce165e427d01095552dec30d479f Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Tue, 26 Mar 2024 16:56:12 -0700 Subject: [PATCH 170/211] [tempo-distributed] Update GET to v2.4.0, bump Tempo to v2.4.1. Latest GET release moves to Tempo base v2.4.1 and includes Arm builds. Signed-off-by: Heds Simons --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/README.md | 4 ++-- charts/tempo-distributed/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 1e0da083bd..ebf70e588a 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.0 -appVersion: 2.4.0 +version: 1.9.1 +appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 9fafbd224c..02f86079f6 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.0](https://img.shields.io/badge/Version-1.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) +![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -326,7 +326,7 @@ The memcached default args are removed and should be provided manually. The sett | distributor.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for distributor pods. Passed through `tpl` and, thus, to be configured as string | | enterprise.enabled | bool | `false` | | | enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' | -| enterprise.image.tag | string | `"v2.3.2"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | +| enterprise.image.tag | string | `"v2.4.0"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | | enterpriseFederationFrontend.affinity | string | Hard node and soft zone anti-affinity | Affinity for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string | | enterpriseFederationFrontend.autoscaling.enabled | bool | `false` | Enable autoscaling for the federation-frontend | | enterpriseFederationFrontend.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the federation-frontend | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index a35fabef0f..1a5c825f50 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1875,7 +1875,7 @@ enterprise: # -- Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' repository: grafana/enterprise-traces # -- Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' - tag: v2.3.2 + tag: v2.4.0 # Note: pullPolicy and optional pullSecrets are set in toplevel 'image' section, not here # In order to use Grafana Enterprise Traces features, you will need to provide the contents of your Grafana Enterprise Traces From 0dfb439bf49e3cf27b5e75fe2c6d680f369aa181 Mon Sep 17 00:00:00 2001 From: Ivan Zareichuk Date: Fri, 29 Mar 2024 17:13:21 +0200 Subject: [PATCH 171/211] Add override for test image in agent-operator Signed-off-by: Ivan Zareichuk --- charts/agent-operator/Chart.yaml | 2 +- charts/agent-operator/README.md | 3 +++ .../templates/tests/test-grafanaagent.yaml | 4 ++-- charts/agent-operator/values.yaml | 9 +++++++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index d9125e9eba..769bc0b7af 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.19 +version: 0.3.20 appVersion: "0.40.3" home: https://grafana.com/docs/agent/v0.40/ icon: https://raw.githubusercontent.com/grafana/agent/v0.40.3/docs/sources/assets/logo_and_name.png diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 7a5187eee1..af69bb038c 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -64,6 +64,9 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | | image.tag | string | `"v0.40.3"` | Image tag | +| test.image.registry | string | `"docker.io"` | Test image registry | +| test.image.repository | string | `"library/busybox"` | Test image repo | +| test.image.tag | string | `"latest"` | Test image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/templates/tests/test-grafanaagent.yaml b/charts/agent-operator/templates/tests/test-grafanaagent.yaml index 9e9d9132de..4001da4e9e 100644 --- a/charts/agent-operator/templates/tests/test-grafanaagent.yaml +++ b/charts/agent-operator/templates/tests/test-grafanaagent.yaml @@ -107,12 +107,12 @@ metadata: spec: containers: - name: busybox - image: busybox + image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}" command: ['wget'] args: ['grafana-agent-test-operated:8080/-/healthy'] # Wait for GrafanaAgent CR initContainers: - name: sleep - image: busybox + image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}" command: ['sleep', '60'] restartPolicy: Never diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 57d3991f65..2c75016249 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -43,6 +43,15 @@ image: # -- Image pull secrets pullSecrets: [] +test: + image: + # -- Test image registry + registry: docker.io + # -- Test image repo + repository: library/busybox + # -- Test image tag + tag: latest + # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 From eb62f384704453389d96d5758563b65289515291 Mon Sep 17 00:00:00 2001 From: Gritzko Daniel Kleiner Date: Sun, 31 Mar 2024 16:32:02 +0200 Subject: [PATCH 172/211] chore: related issues: - #2558 - #2493 - #1391 - #2126 Signed-off-by: Gritzko Daniel Kleiner --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/_helpers.tpl | 12 +++++------- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index ab3f6a3636..7127c28b43 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.7 +version: 7.3.8 appVersion: 10.4.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index 790d5a293a..570b92742c 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -145,13 +145,11 @@ Return the appropriate apiVersion for ingress. Return the appropriate apiVersion for Horizontal Pod Autoscaler. */}} {{- define "grafana.hpa.apiVersion" -}} -{{- if $.Capabilities.APIVersions.Has "autoscaling/v2/HorizontalPodAutoscaler" }} -{{- print "autoscaling/v2" }} -{{- else if $.Capabilities.APIVersions.Has "autoscaling/v2beta2/HorizontalPodAutoscaler" }} -{{- print "autoscaling/v2beta2" }} -{{- else }} -{{- print "autoscaling/v2beta1" }} -{{- end }} + {{- if .Capabilities.APIVersions.Has "autoscaling/v2" }} + {{- "autoscaling/v2" }} + {{- else }} + {{- "autoscaling/v2beta2" }} + {{- end }} {{- end }} {{/* From eec567ad39da2bb8afff081dfcd5111b777f11c3 Mon Sep 17 00:00:00 2001 From: Ivan Zareichuk Date: Mon, 1 Apr 2024 10:16:21 +0300 Subject: [PATCH 173/211] Run helm-docs Signed-off-by: Ivan Zareichuk --- charts/agent-operator/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index af69bb038c..49afcf11e2 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.19](https://img.shields.io/badge/Version-0.3.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) +![Version: 0.3.20](https://img.shields.io/badge/Version-0.3.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -64,9 +64,6 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | | image.tag | string | `"v0.40.3"` | Image tag | -| test.image.registry | string | `"docker.io"` | Test image registry | -| test.image.repository | string | `"library/busybox"` | Test image repo | -| test.image.tag | string | `"latest"` | Test image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | @@ -78,4 +75,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | resources | object | `{}` | Resource limits and requests config | | serviceAccount.create | bool | `true` | Toggle to create ServiceAccount | | serviceAccount.name | string | `nil` | Service account name | +| test.image.registry | string | `"docker.io"` | Test image registry | +| test.image.repository | string | `"library/busybox"` | Test image repo | +| test.image.tag | string | `"latest"` | Test image tag | | tolerations | list | `[]` | Tolerations applied to Pods | From 9b57e57657f616e53ceddc9222040d2cfb60c2b1 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Tue, 2 Apr 2024 13:52:31 +0200 Subject: [PATCH 174/211] Update Loki to version 2.9.6 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 5ce722bf85..efdd9ead60 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.5 -version: 0.78.4 +appVersion: 2.9.6 +version: 0.78.5 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index d1aada7ba8..c84763a8ff 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.4](https://img.shields.io/badge/Version-0.78.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square) +![Version: 0.78.5](https://img.shields.io/badge/Version-0.78.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.6](https://img.shields.io/badge/AppVersion-2.9.6-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 3761a1f71151edcf2f91cd5aa503ab09cb8e2647 Mon Sep 17 00:00:00 2001 From: Robert Lankford Date: Thu, 4 Apr 2024 11:12:11 -0700 Subject: [PATCH 175/211] [grafana-sampling] add sampling helm chart (#2918) * add sampling helm chart Signed-off-by: Robbie Lankford * wire metrics generation toggle Signed-off-by: Robbie Lankford * add simpified sampling policies Signed-off-by: Robbie Lankford * set 2 replicas and disable autoscaling by default Signed-off-by: Robbie Lankford * set back to 1 replicas by default to pass ci tests Signed-off-by: Robbie Lankford * use kubernetes resolver for loadbalancing exporter Signed-off-by: Robbie Lankford * add README.md Signed-off-by: Robbie Lankford * helm-docs Signed-off-by: Robbie Lankford * helm-docs Signed-off-by: Robbie Lankford * update helm-docs; add decision wait Signed-off-by: Robbie Lankford * helm-docs and fix typo Signed-off-by: Robbie Lankford * quote decision_wait Signed-off-by: Robbie Lankford * add transform to drop unneeded resource attributes for spanmetrics Signed-off-by: Robbie Lankford * more doc updates Signed-off-by: Robbie Lankford * more doc updates Signed-off-by: Robbie Lankford * move sampling to grafana-sampling Signed-off-by: Robbie Lankford * additional docs updates Signed-off-by: Robbie Lankford * remove sample file Signed-off-by: Robbie Lankford * shorten names to pass tests Signed-off-by: Robbie Lankford * update png and metrics pipeline order based on PR review Signed-off-by: Robbie Lankford * remove k8s.pod.name from default dimensions Signed-off-by: Robbie Lankford --------- Signed-off-by: Robbie Lankford --- charts/grafana-sampling/.helmignore | 23 +++ charts/grafana-sampling/Chart.lock | 9 ++ charts/grafana-sampling/Chart.yaml | 18 +++ charts/grafana-sampling/README.md | 124 ++++++++++++++++ charts/grafana-sampling/README.md.gotmpl | 63 ++++++++ .../sampling-architecture.png | Bin 0 -> 218180 bytes .../_agent_config_deployment.river.txt | 5 + .../_agent_config_statefulset.river.txt | 18 +++ .../grafana-sampling/templates/_helpers.tpl | 9 ++ .../templates/_otelcol_auth_basic.river.txt | 8 + .../_otelcol_connector_servicegraph.river.txt | 20 +++ .../_otelcol_connector_spanmetrics.river.txt | 26 ++++ .../_otelcol_exporter_loadbalancing.river.txt | 22 +++ .../_otelcol_exporter_otlp.river.txt | 10 ++ .../_otelcol_exporter_prometheus.river.txt | 8 + .../_otelcol_processor_batch.river.txt | 22 +++ .../_otelcol_processor_filter.river.txt | 17 +++ ..._otelcol_processor_tail_sampling.river.txt | 60 ++++++++ .../_otelcol_processor_transform.river.txt | 46 ++++++ .../_otelcol_receiver_otlp.river.txt | 39 +++++ .../_prometheus_remote_write.river.txt | 20 +++ .../templates/configmap_deployment.yaml | 8 + .../templates/configmap_statefulset.yaml | 8 + charts/grafana-sampling/values.yaml | 140 ++++++++++++++++++ 24 files changed, 723 insertions(+) create mode 100644 charts/grafana-sampling/.helmignore create mode 100644 charts/grafana-sampling/Chart.lock create mode 100644 charts/grafana-sampling/Chart.yaml create mode 100644 charts/grafana-sampling/README.md create mode 100644 charts/grafana-sampling/README.md.gotmpl create mode 100644 charts/grafana-sampling/sampling-architecture.png create mode 100644 charts/grafana-sampling/templates/_agent_config_deployment.river.txt create mode 100644 charts/grafana-sampling/templates/_agent_config_statefulset.river.txt create mode 100644 charts/grafana-sampling/templates/_helpers.tpl create mode 100644 charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt create mode 100644 charts/grafana-sampling/templates/_prometheus_remote_write.river.txt create mode 100644 charts/grafana-sampling/templates/configmap_deployment.yaml create mode 100644 charts/grafana-sampling/templates/configmap_statefulset.yaml create mode 100644 charts/grafana-sampling/values.yaml diff --git a/charts/grafana-sampling/.helmignore b/charts/grafana-sampling/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/charts/grafana-sampling/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/grafana-sampling/Chart.lock b/charts/grafana-sampling/Chart.lock new file mode 100644 index 0000000000..a54564640a --- /dev/null +++ b/charts/grafana-sampling/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: grafana-agent + repository: https://grafana.github.io/helm-charts + version: 0.36.0 +- name: grafana-agent + repository: https://grafana.github.io/helm-charts + version: 0.36.0 +digest: sha256:6d04a55dce2c09c4c250c6453e0d58f7280750bf04fce51027b4e235062413e5 +generated: "2024-03-11T15:41:30.921516-07:00" diff --git a/charts/grafana-sampling/Chart.yaml b/charts/grafana-sampling/Chart.yaml new file mode 100644 index 0000000000..44e076b128 --- /dev/null +++ b/charts/grafana-sampling/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: grafana-sampling +description: A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. +type: application +version: 0.1.0 +appVersion: "v0.40.2" +sources: + - https://github.com/grafana/agent + - https://grafana.com/docs/grafana-cloud/monitor-applications/application-observability/setup/sampling/tail/ +dependencies: + - name: grafana-agent + version: 0.36.0 + repository: https://grafana.github.io/helm-charts + alias: grafana-agent-deployment + - name: grafana-agent + version: 0.36.0 + repository: https://grafana.github.io/helm-charts + alias: grafana-agent-statefulset diff --git a/charts/grafana-sampling/README.md b/charts/grafana-sampling/README.md new file mode 100644 index 0000000000..6ad9785b72 --- /dev/null +++ b/charts/grafana-sampling/README.md @@ -0,0 +1,124 @@ +# grafana-sampling + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.40.2](https://img.shields.io/badge/AppVersion-v0.40.2-informational?style=flat-square) + +A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. + +This chart deploys the following architecture to your environment: +![Photo of sampling architecture](./sampling-architecture.png) + +Note: by default, only OTLP traces are accepted at the load balancing layer. + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add grafana https://grafana.github.io/helm-charts +``` +## Installing the Chart + +Use the following command to install the chart with the release name `my-release`. Make sure to populate the required values. + +```console +helm install my-release grafana/grafana-sampling --values - < + - name: GRAFANA_CLOUD_PROMETHEUS_URL + value: + - name: GRAFANA_CLOUD_PROMETHEUS_USERNAME + value: + - name: GRAFANA_CLOUD_TEMPO_ENDPOINT + value: + - name: GRAFANA_CLOUD_TEMPO_USERNAME + value: + # This is required for adaptive metric deduplication in Grafana Cloud + - name: POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid +EOF +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading + +A major chart version change indicates that there is an incompatible breaking change needing manual actions. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| grafana-agent-deployment.agent.configMap.create | bool | `false` | | +| grafana-agent-deployment.agent.extraPorts[0].name | string | `"otlp-grpc"` | | +| grafana-agent-deployment.agent.extraPorts[0].port | int | `4317` | | +| grafana-agent-deployment.agent.extraPorts[0].protocol | string | `"TCP"` | | +| grafana-agent-deployment.agent.extraPorts[0].targetPort | int | `4317` | | +| grafana-agent-deployment.agent.extraPorts[1].name | string | `"otlp-http"` | | +| grafana-agent-deployment.agent.extraPorts[1].port | int | `4318` | | +| grafana-agent-deployment.agent.extraPorts[1].protocol | string | `"TCP"` | | +| grafana-agent-deployment.agent.extraPorts[1].targetPort | int | `4318` | | +| grafana-agent-deployment.agent.resources.requests.cpu | string | `"1"` | | +| grafana-agent-deployment.agent.resources.requests.memory | string | `"2G"` | | +| grafana-agent-deployment.controller.autoscaling.enabled | bool | `false` | Creates a HorizontalPodAutoscaler for controller type deployment. | +| grafana-agent-deployment.controller.autoscaling.maxReplicas | int | `5` | The upper limit for the number of replicas to which the autoscaler can scale up. | +| grafana-agent-deployment.controller.autoscaling.minReplicas | int | `2` | The lower limit for the number of replicas to which the autoscaler can scale down. | +| grafana-agent-deployment.controller.autoscaling.targetCPUUtilizationPercentage | int | `0` | Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. | +| grafana-agent-deployment.controller.autoscaling.targetMemoryUtilizationPercentage | int | `80` | Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. | +| grafana-agent-deployment.controller.replicas | int | `1` | | +| grafana-agent-deployment.controller.type | string | `"deployment"` | | +| grafana-agent-deployment.nameOverride | string | `"deployment"` | Do not change this. | +| grafana-agent-statefulset.agent.configMap.create | bool | `false` | | +| grafana-agent-statefulset.agent.extraEnv[0].name | string | `"GRAFANA_CLOUD_API_KEY"` | | +| grafana-agent-statefulset.agent.extraEnv[0].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[1].name | string | `"GRAFANA_CLOUD_PROMETHEUS_URL"` | | +| grafana-agent-statefulset.agent.extraEnv[1].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[2].name | string | `"GRAFANA_CLOUD_PROMETHEUS_USERNAME"` | | +| grafana-agent-statefulset.agent.extraEnv[2].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[3].name | string | `"GRAFANA_CLOUD_TEMPO_ENDPOINT"` | | +| grafana-agent-statefulset.agent.extraEnv[3].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[4].name | string | `"GRAFANA_CLOUD_TEMPO_USERNAME"` | | +| grafana-agent-statefulset.agent.extraEnv[4].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[5].name | string | `"POD_UID"` | | +| grafana-agent-statefulset.agent.extraEnv[5].valueFrom.fieldRef.apiVersion | string | `"v1"` | | +| grafana-agent-statefulset.agent.extraEnv[5].valueFrom.fieldRef.fieldPath | string | `"metadata.uid"` | | +| grafana-agent-statefulset.agent.extraPorts[0].name | string | `"otlp-grpc"` | | +| grafana-agent-statefulset.agent.extraPorts[0].port | int | `4317` | | +| grafana-agent-statefulset.agent.extraPorts[0].protocol | string | `"TCP"` | | +| grafana-agent-statefulset.agent.extraPorts[0].targetPort | int | `4317` | | +| grafana-agent-statefulset.agent.resources.requests.cpu | string | `"1"` | | +| grafana-agent-statefulset.agent.resources.requests.memory | string | `"2G"` | | +| grafana-agent-statefulset.controller.autoscaling.enabled | bool | `false` | Creates a HorizontalPodAutoscaler for controller type deployment. | +| grafana-agent-statefulset.controller.autoscaling.maxReplicas | int | `5` | The upper limit for the number of replicas to which the autoscaler can scale up. | +| grafana-agent-statefulset.controller.autoscaling.minReplicas | int | `2` | The lower limit for the number of replicas to which the autoscaler can scale down. | +| grafana-agent-statefulset.controller.autoscaling.targetCPUUtilizationPercentage | int | `0` | Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. | +| grafana-agent-statefulset.controller.autoscaling.targetMemoryUtilizationPercentage | int | `80` | Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. | +| grafana-agent-statefulset.controller.replicas | int | `1` | | +| grafana-agent-statefulset.controller.type | string | `"statefulset"` | | +| grafana-agent-statefulset.nameOverride | string | `"statefulset"` | Do not change this. | +| grafana-agent-statefulset.rbac.create | bool | `false` | | +| grafana-agent-statefulset.service.clusterIP | string | `"None"` | | +| grafana-agent-statefulset.serviceAccount.create | bool | `false` | | +| metricsGeneration.dimensions | list | `["service.namespace","service.version","deployment.environment","k8s.cluster.name"]` | Additional dimensions to add to generated metrics. | +| metricsGeneration.enabled | bool | `true` | Toggle generation of spanmetrics and servicegraph metrics. | +| sampling.decisionWait | string | `"15s"` | Wait time since the first span of a trace before making a sampling decision. | +| sampling.enabled | bool | `true` | Toggle tail sampling. | +| sampling.extraPolicies | string | A policy to sample long requests is added by default. | User-defined policies in river format. | +| sampling.failedRequests.percentage | int | `50` | Percentage of failed requests to sample. | +| sampling.failedRequests.sample | bool | `false` | Toggle sampling failed requests. | +| sampling.successfulRequests.percentage | int | `10` | Percentage of successful requests to sample. | +| sampling.successfulRequests.sample | bool | `true` | Toggle sampling successful requests. | + diff --git a/charts/grafana-sampling/README.md.gotmpl b/charts/grafana-sampling/README.md.gotmpl new file mode 100644 index 0000000000..5cae818919 --- /dev/null +++ b/charts/grafana-sampling/README.md.gotmpl @@ -0,0 +1,63 @@ +{{ template "chart.header" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +This chart deploys the following architecture to your environment: +![Photo of sampling architecture](./sampling-architecture.png) + +Note: by default, only OTLP traces are accepted at the load balancing layer. + + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add grafana https://grafana.github.io/helm-charts +``` +## Installing the Chart + +Use the following command to install the chart with the release name `my-release`. Make sure to populate the required values. + +```console +helm install my-release grafana/grafana-sampling --values - < + - name: GRAFANA_CLOUD_PROMETHEUS_URL + value: + - name: GRAFANA_CLOUD_PROMETHEUS_USERNAME + value: + - name: GRAFANA_CLOUD_TEMPO_ENDPOINT + value: + - name: GRAFANA_CLOUD_TEMPO_USERNAME + value: + # This is required for adaptive metric deduplication in Grafana Cloud + - name: POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid +EOF +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading + +A major chart version change indicates that there is an incompatible breaking change needing manual actions. + +{{ template "chart.valuesSection" . }} + diff --git a/charts/grafana-sampling/sampling-architecture.png b/charts/grafana-sampling/sampling-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..ebd068947d610bf81fcfcd1bf7a907bcc3446515 GIT binary patch literal 218180 zcmeFZbzIY5^gljD1p^SJq^2N(fRsp=0jMaUq%;@^(jD7SM37blM4Cx=OAcv7T0&|{ z_vis*+xN9V{XBl3&mX`4-}__nx^?ckC!Xird-qmDO@;ad%Lxz&M1AM>tp~sd8whml z2h}m)3D3HWJ%~c<D$_?mmXZd z6r+){km92Fie2N$_oG>Zg508coCV&8UZT(F>Yup&E$Q>rHSGr=rT{*{_klq)iNzGr zg&nnf9o=1>ot;av>gwowT}!hMOP8$5XHC=<)Ft{5c6f2zdbFJ@A3)2Wmyf?V|DPYg z7atTA+o69Syse}A_hn{1(*lOrPIg%jZ^UiycqL-y_K;Gm&~&-Mu`Q{6 z^or9serK!l)28$#ImFtmd%J^F=aHX7b zc{_>r6060goh}a!Upx!`Bs5t2@qT&Bj$QMP3CAQtt{HZ<8NbeqUlzf|ir}Jwg0MAY z@ESt48Riv?e;SMzrSuzFK&aD#4im;ylzPdnS{R3E z-FYSwjF%V1>7SZJgayMG8+K4!lZj1#ikjrZ-oeW-vg zD3PjnzZ-LMh*1BwOiLS*fEb|$ha@o3%M!;ojjN-h zfb-B@@(WEn`tGTl;$3_esgY0F(i>l8ryG;AsO>iat_>;?^-38F}=NqgYF&MKRwijKL8njYbvl00Qf$|z#Fq`;9-n$q~phs*It`i%yR9jrrK%-E-C@R&JdDBD~6o_GGpFxmau3tHqwV1Mi6(9q`)(ba~HVU6lif(D7&7H zxuHUpV@Og8$ERPzO+GL`xu>9~Br%;b_(&MB=Yd$DrEq3(&kib$GHfAKIkulGjEaTS zrj9RY1BUe87^IhFp{BWy@#saQV@Yzgb>80j_LQ>_3$`YdtO5nK6W+fP@%z#KNCf+S z6%B3Vo6u$%PGVOD97jS2hH^TUDY0xkCqvm~wpSM|j}j>W<)qI!)3b*yIK3_%OH`py zifB-hW+%4F0l$P_6T56FhQr)Z7(_})NMx&kA&*ztNe%VvkkG1!kc|$Bek2};{)%|! zBGWrhTqRTNakkv#wK_mbA`UB8A@X79R<5u)EAsOAYdA~qEt=q^cRU{W!}XK7;zLQ? z@Mjdae*C}!K5qt(|B9M4*k=RdU?{J!6Rc#8T-a*mYB@H0YI4*p?q*KcwH3J*y=Ba9 z5{b(NpMYt$?i_8{b`{Rrj;G4Fsp2v;*ZPi&fkd&rdy`ZH3WD-Ny6_L*VUnYlCTfwS zA<(RG^@N3t1^5>V@3DVNkzIUvwB$0W6^K@y)6O>7FZ5EPH5>jM;i1pgg(pSFo*GHL z7(Na%BWV@L^nFb-JWJB~VgPZP1;ZEb4}=$xQ+C4nX~|rqnm+wJHbqZghmd;rDf^KO ze*}?sL}NDX-~A$1uUmL8sqfGy{~1YrPTK(3CWw;Ab_Rp&iQY2!%Q%woU!Sdb_1v@s7#()dFg27tD2UaT1{g0ff(kMbBJaUMRA=j}@-nial)vBoeTd<{zO5lL=9CES&4ev&*=%W=~?erH^y zi0iJ$eprS7@&3)7=it^bs1GKL*{`Z_&`y>|-%y_eJ8>F{c!23iYqY;q@cMY~rJ+JH2a~K- z!Z_Hy!3o)HC|fNE8dbxjP9!Y}c_dV)@iXn1o5BY$wgmcY6$4jskswY71gdmf8tOrH z8m-9LN$sFs+bT`3rt=3|y)>f4J6KFTc%T&oY%R6Z}Z5eL4KRPpq6c-mKWytqbe_0;A zhbw?=`tH>r6kL}Mj8_4#N?5ZJU3y{zTRLg&6cNCreSU(=P)oaY#{LJo`A%G-MP2SB zJ;|_%zJx~>p>OWiT>oq~XNjlWC6Nmn8y*^Bj>`^qih|FIToWZp$^G8T{GV~cP|p^4 z{6Z_89oZ}txHklGg(kMM;k;DVNz0geJ3Z&i8tsgP#2?iOa-C`&cZ!S(6@|Y?FA*qGG&#<;H8h^>6@s_vLMY>w zZ+egjHC+>zPyx0Q6b36WUhHJP-u;!)G7)IJrCqaaGHU${iJ07QCzpYIp1gI6!Z_WM z!9)>BAgr{fK;GOnsCK?@{(5P|;k#rO1c}M&RylAt&!!Nc*Kh&P*OK>a=PY@!w#~UD zi3j=A4$Dnfc-cB_nv>Li(--Kw$$uel>cDYF-1*5lt3(`lPvsYx6Fz?7S4eV8{fB1) zKbk-5kQQk34baOny~%KUY8`QS^4rJ6KbuP@uX!F)9wQ5t%CC%c?+o%hiFNBl*>XW3 z>GkPoywO+{8r<(oX>zI-w$-0ViC}fv-?8XFtG;i#iv9TvpDFFJo|tu(CxK6-CKG_c8tReL`9r8G|?Til3QeRch=(<0RLn+)!;-b8EqFE8e2+OY(t(9QoxZ z(JK(#SQ$Fe7i~Jc7q%rY&%yY6AXh=_zH@2Kz$aUwbajQqnz3egW|$CTrgOr)`KhKd zaAh2fcDQ-M!D7VD;QQ7Zu9L-WZ7zt@vWHb}F#bN=^-%w@31P;l+ zY2h1N=C6!%y7b&}zprWg2*`e@$&VR6^6n%_jyHoyYX&L^Ou4-}(?LslG*7CjqHrIJ zF`9^hwi$Y zetK`?tcBgLJZ&-iEfSXdNz!9I`e##Jxh)p4u)Q3X{p51|v$FDhHVj^Qyitf=aC>_+ zGHZrmG5s-=_na3uW-@PTY0%u*R$4`{{`z9|CiBJp6*pa0|I3cE=^kZWL*-GmY44ZU z&u=+svx|MxhYs&M&U_Dwe-l9moVNlY0sOuAqS+j_RCyD)EhccoJyK98NL0#6T_LJYVp=(CZ*PCg(O$6EqmX&VIn&frHd!;T^G4mI8 zh%FCXfCD=fwN*iJF|oBO`VQ%|oDW>SU6A z#r@2gOWn~h8lv*iraS7DkH8f#442YAI$j=}mH!=#Mm|vqb2(!cErHxuN=K=9mqL(> z=Lg!hw^7-u(a`=ox-WSbLJCh`NURMQ^uXhov`3Vy&j7fe8aTLwY(=RD^ID%De;DTY7QFB{5JfqqhO+ar5sp&zNkX4@ri!1zU9>vYERf=sbnZVOt)E7wKR z8>`C$c2j8SNPiO{T@dKQr?KCbn}!)1BsYL1xdG4Dp$mzJlGGOp zH2Yrt@KE|%rKaMgbbV=S5v&!Y<0dEd-JGq_T~B#6OEAFLb&l8AD>gaI3oUOlykGwU z664GDxT3W{^9qMk|MqpweZ)fiLrcNK5_HvV3{HE1(b3{I9~T^>je6t%ru?#(aq3un zeGx?s9fwKt=s=k}HKgjc;`gysCRIs?i8d?iMf0N|#k0j-b_26FT42OrI0+0mP#@Z% zLvyiT%y)|#K$^jq!-eUO76vW75EBd>8cY^0dn;{U`dv`H0rYEKhJCDN#F!~yq+B6y zuAE9z&?z>k#aOwusBCEvd26Z4<+Dt6XPif&_d1E3K;Ks94VMvKbPPY}3E zZ!Y9QU0BT=)DpbYEO+yK6-%q!6fQriEosnncH=9o!D7ab3}a4vTipcD#HX=KalN1? zC~@UO|KN%03@13zM`E2yQlcj)T){aM-4Zq~ADFL<#-@jh+OnF(o@6r4r74zi!`1K+ zon_|3E?piqSt)mg38bbXcu`Ec|HCnr30H^MxcYIxTNPPNvKHeyt*tGN%GXnfeu3Ak<#`0~YpCV&9y1UtEH^HVLluem=tJHK_&4g0NaKiRB8 zJNWgaQ&``VIrF7RS=T-nog$-akl;8Q;gzcK!CBtpr<)++@l~qzaw0maQTbsGj!mOy zEFN>%tPC!iPENPmX&Wtin!NK09*WcpOKo{!V32>srjv+Q0LWK+TJjOA!%^Ww+@Q+- zlGvN{#tBjz<}Q1iCw=Q{*6N3NZv=;4Dz}SvyY{xe+iBKVKl2qzT&X;>_wYBW&xT)C z8!{IKa2)8}5u`Ee>o7;9A@1~#n<@&PxmFW{2%OEfb;$DaMAOPE%Z=A4bM|VEB4fKs3e?R1U$xeYX$Yy?P5EfPA9i5*~^J03%U_sbe%{0Aau{-1aFXQL4$-O@9{n>b( zYjlge+l$Y-YQNY)`pt4Ajjcsn1o?6zoJQ$KZoVFkbsh+=aMXVZrwWMXc-T}8#qGBP zS&gxvAfW-H&;=Ax>^57THhnrRemKeCzRcZQU&p;rSjW?%nfZANf>7|${X)a%BIfjt z%D*Sg7*MKjc`uC(S4tKaNSt_zpEen1e$DR~>3mbq<^BzkLN)kD*;-DJXl8&6lnEB} zg!8;+Z_EV&FWJUP6-|eSg>qdZ*8&~sZe+~<>a`KP@ia(>#WrB=!&%0+*e<{^Tv-Yz z^4u5~7T$$6{eD=aPFpeJ_WJqEJ1>EUp5M=oRXaA-X1C#ZDt|SOdaO;*@^rF0R5NU- z_eqIwKB;bY3OlVfFMICp;U$|ubm`{DE5-(F{1l)9cRG0@vQ07p@-=U=p@+J2FC7XR zwO7rhdHj8$S;Thy#-R50uj{ye+$1ExmWMkJAJX)@JNN)i2ug||Zn+g+`kF5vGPw6K?X&8m zC7zl2*ZsGa5&?w8FqQ_j0f7WU^GNwRVmL6ZyXM$01gboH)GO65lun$Fy8H*{XRR|u z0TUYy!wl0z&3|#H2XZCwj;d|>_oVg|F>2Op^H$v@8E!E~q2{vUmxFE3Or=0HlT3!6 z+rHbdo42?YgHCgqw4U7EY>VVaNYOiqSD7dFx>DvdQ*d9XyR$O7i_V$8yM2W_IpNaS z)`VW^yo2`Z3RSz2^1R1|1Vu6Lv6&fDyW2SGI^UZgIQxZQX?xaKK%lgq}&36 zJ$Ej3FVI-tk}`?*t_+n@vTt-)6BcCBJ1r`YzW<*^&te%?8Usf#f>@ zr$9cw-*Isoq|nU=dRB5l1c+bvCbpN0&MUt5o6&ar*m_0Ha7w#RS9>foON{D_Qt1Z$ zKwd} z#4Vy@H@c%?iasp`+4D;YzrBQ}k+uyG8F({f7cYmQrIZgl!`&i1Z6rIJ2%gwgvd^4i zmT9(53~jmFAQg0i&8TV{>JT6`Q|BQFap5X|D=sD9BLhid^_b3OtE}Uth=C+tC?xGn-MZR(QG_HQ9;Bx3qC*O$F z>l0MROBuciP}7!{<_+psCyJy;ek{KVq_UQKmWiY#!JH)*G69r3N97~`1%?o4by^v1 z*EZ-(z$*MyiccNmA848k!zWqp@@7G>TZzMe&~wfY3}!zF zA&MTX5E~twthZ9{*9Hr+2rR3&Dn6{ljVXDUp3r4nCU)C<&l$=Ljgn@LtfEm3yIwg^ zo@6eY$gc~1=p3tuj~2rJfF1%RT`i`#!xDl!MKHUH3RFOr#&(WZ-jGTDu&LDD z{Iv0>b(|~N9T)?ZbajNrSoN-^HlOsjM%^4F@Ar_2$q1grOi8^v4mLS`;uJ=jrwkr^ z9DOpFKVy^@~}JTu$O=@Bz;-D$X;U~PpK z&n?rIEmG%ZV!YUxx~>h}G^rO!{W_C(a|N(H5QXwG!4pUd&}INBYpsX}CicV94Zh=T zRLlj6N-eQhU)wg1G-ihx(w_`tJVkqQHIa>evc)Tt$|?W-#IRt!W0yPzQH)#^tom_l zHpL4)9#b*8wTMzMq_ykNyOeMJ&^i6>lW2CyK;h1OSdCHX^h6WXg(Ya2zdnH5yt8#} z+zXL2tTDW7JsK~QNK<=bZ25_pkF%bPQKNK-u#U+r_9JZ2W9iC+>aLNI!J?=TDTzuW zHR;;e{>Y5&?Gd}jE(vcPq%Lpj^x9kQR@}ybR!3s?YJA` zY%ZYr<`6Tw`GSp}f|I>wC?74B1<(Dp?UUB3fi8=-ibk(_7FH~ZD-9Zv&*c0^Y0j;= z59aHtGL2mC^Fdw&-20E%?wi%RsZMuf(Mpug6KjNcv(jUu!OGZ$CvPXKJm0f((P`(B zZjDLj<;E}r8>>(FgiVc1n+eTeB$X1o#*AbSDzWP9Emvu znv346<|R%aTd3co>f#S)&kX_T6}`9R^e^RaEK<_+rdM;jaKeDg+Zpf%S%W5ceTUfy zmj{pZ3?AKzb4z^E)M?~O5vZsf>U-ltq1<%NAn&OGn{1iF_|Y$GW?M6{2;P;`nvX`2 zQG!){w|;xl_qD{i0SJv`d^?-X6(!{$Yi@l&X2OkF2aej!Oq!%ZmgE=se z^z@;C012t$=;euTsHwMtDw^R2ER4K#N)-+ayNiPg%!UlL+2MValF)tk{<2>4vANN1 zZ4swxeBqVvC$1@(Ua9Q4=ebfbcK3yKN0YRC1~UdQp2tS+^w|#=jmHip2%6yL&!77F zv?bG_YAj5iS$3T77;-|&3t^)N4E*0G)v8)IWti5x@A&&MH3NBl7t>$?Hm ztPKJ=Ur|t`H{&|U_7W0v3$z1=K#r$^P{^!2Bh0V5P*IxyNdm}ztu%_=zdy8ljCX&@Q;MZ5c;^^j-16IA=*i|+s>a5yZ4XZ0< zHF5SW?%|iqBOU|@-rZC;K~K^pm^4+eflQ5nq#b#igBU~dA>K#x!w!LN0@5(LY z$|vlhIvtgi#+)BV%U6_3C0!YEj)3MKL49~TgBBb~$#4ZAnK8|049eluJ&p?F6;L3+ zjzc&grzFB#-?jWglkbH1B;VTN%Ff!PQo9>nJs-P;y6l>7mi4pF>W`(PfP8&UAaZ;5tm64$&A&M)#)tL zrPP8)Jjjb%xfAhWiKl8PA4q8HDz!&*1PQ3JvF^7csx@<8QFT;V0>)$EDwHze z>@36UK%4?;b~3v4D??B(vH!yP0fX1QoQ)rgO!j5-N`x(ovbM@i@_8F&?y4bk{t-(J6FANoubb%T@MuG}OuiUCv^WZ%y~34H9O7 zV01F=T<@#oY4UOhlE(cxE$6Ta@cA{B75U2_mVBKeIrukg8Z^HPF$q>n&!v^|O<==9 zT}bAp#=&&g*0 zkb0HE{YnI0GYN`^8cSYCr?{2*zJBWc%Hxf|i3t)ISRR38tc-V@ydEz%VqB1PUtIzF zBdNX149Ebh_J={89WERyQ(~qy9$+6f#|XI0cBc0a3=Hy@+j5?A1OfnpG1bZDoIy5- zZ!`X$YI{~x)d|_wcV_!mHL+7-@v<-7ouL8gg7<7yUx(Z++fX_d znxZI?UMFdM)0QWMs-l}#^E5)x41UKPlRI0}yDZr3&NTL&@%Ka%c)Ql%#8`Vg;^ucG zT~T{Q*YgpbrC3J})Obx-F`8-P^{u;MPEN+Kx4q{b5@#m_r4=IsHOybo-k0vOvBTFM z2AQsLz7U&#Ms(tP*ZqMFteW?_HJH{Esdhm#JUU+l{rRq$74hRk~Kb!XHoP#=_xu_&PIrqk^w)K&CSz@mZ zZ&cVX&F?YX@i22i+B4NYF$dZ(avPXwTjSBdB!9`p9p`u`g?y)_&QkMhuMX zJ^?q7WrtM&IH%VWO4W9MoY5E}nYZD4X>GjOyWsl@iwLbz#d>VcldeQq#V` zE}1ABE_#DArZm7dm#z!<;hBg53$~k4-~Am%&;CwT@_#eAR#qmsvTJmN4>%~qq%_i7 zY7Lehl{e9|jJ^#VQ(>GHq+NMLKYPQ4436?U0>}A*ofAb&0;DV_+zGIV{naVOnr+%h z)xi6zRoD-%QRf))FO;i340zSW#;t_cJf)zXo|c}dslqD=_21yc!c( z4o0IT1OKzL3|(FiR5*qiP}+BN!z-PdL?d7HZ8%2-*+{tw8dEmdx=IJKKc!2vQGKCW z99lfQaGIWzSroO+%ARodgEJJ^LylJu45ht!q=E6uOvBuVXlwV;KD8Z5-D*P6}w?PP^b|H{KHQ(5z_sRLZg+%_t{P$lSc8GnS($mn* za8df|2l{dGpJ~=~;(;Sk%&t^c`36dFKl03636OWo6Zm!8sbPh7HyK_g?Rt%&tNby> zYS`~$v(=s3t1xW-{&_8vCfw)82Bz2#Z=R>OQHMmicE!#7$lR5g0CIAhl5Sp@M{te1 z--V(Du~|DGlREM=Qtwu=`6;dNKV_%2v#HUE44izLtPS#MvhPtM;Wr>rk{KT#|5kyb z4#=k&IxY`W`o2PqzN!KCCGrK0Jk!6h-izRz2SN^kN40{dJB}l7X+oXd1I>Rt;69qq z-Bj5yi&t}4dtCkI{fO-LkYipg;`aR$b{6clyE8(8fe~=M@-{CWmH;b*`O0$)Be3Vp z;kzGP^8$qDMS}`dUqy+SL^IY5IzisP?{tQ^u1#d;y2P7p5w>Oe-;CN`w~;lDjeq}% zZMIqD0UIikeKyKJbNHo~-z1~#SRVb4b$a~#(GoK|)EI_+ z=9^L@<0hZEg2Z!TuLSO<%!x+5HC3WFi+U51vQr3XkJCwWmHy=TImxs6PpVDDj1B0^ zTNXo7_8+901@#Jw7us5|x9lbKFK5ueTz)1$kBodHRxcdjYEuBY_0lnCvIlK8bbn#v ztN3OYet+`1X?_X6_6vnnv&yn-=L|}(K8qUs`n$mDOp?J2#T3lz!Hefub}sxK-(G8ZtY6aBe+Q&J)nZ9X30A+r4&zM=A+-{A$b z+2o#N`5n{ZJN^k}O!ndt~CYJrSZn4g=JD|@#%*k120GLvVxJNQ+cab&hn9p!ol(Cd844dd#B zOB>^>@`+gkO4SKzP6mS$a#mhTe&}(`lcsLMCdbUHw7WN3*4zo1{A>NLtx~V#>}q#6 zvVI85;*s%ev&yH-KNlNBFYHPn;C--D19!mN%MPQAc<|Y;`DfNVEoAy2kz)o2Pj_JL7+BSp0OsZ#8_DB&4gx$i;YJpxvnx>-~8lt2W(OEna%|M@`p;cOp{2 z$ZI*jWL&T~M@vMV?rw~DcyxBkH_cNywtRfL-ush5w0G_o=lL;T1V`&1Q%rlsCISFWbC7{9SaV6Bt^e^Mt_|ltj zXAp_9>$f+ul-3~N>)0o6UL69Jy`N(W!4YFY(0bwf)`VskkmDJOcTQB-8qa?hf_XSm z)J#g5o6Z;6%+xggYBS6_VY9t4mx92f@y3i7vPX|`x5)o=wO`X2g*l$l4jo=u2o!8PgN}Y~od4Dk+7;6E8;qaCU#^-g zSVqOuoq2I~HKu&W2)-;Hf~rJ$^CY4{pl*q2c@1nb(f91qNiKjQLqV8}9CrZ5Sv- z32mT9PcyhUVvU0rKG}HB%E038KdBpWPmN){^3wFiE?%gE9_H{1%50^t0 zKvROpZUA^SD1S+~y+G3}hC-D~pycQEVz|w^mn!QH2j==n(v8IL7Kuys)`Po0(xI7a z5cG->^xE-WVeg+ahRl)tQQBJQk zAB@_r0taS;=qWhyUln$|PO`7E`%=u(s==SxeeoaYotbCa?En_(SiRO0b7Rt*Wu3EbuiO=iDM(c0=Za2Y|roIm4d{Lr( zBgz4)3wdD;%x@SL)+8@#YlmC62TfE{>M~t_ zr%xNj?ib2<*7I%G#aGAsP7N((580X9JHCka0Mo9qwC7m$YehiT0{LfTEaO}&bt*V( zeR1;&SQDl*ftRz|Y*GVl9YWu3$Qr0D&Dw;ecf_?YVLffGOrS?s{e<@K4qTWBnea-v z?^3^$7vN(hXfC6E_7VoJus5rE^5&w*Uz~r+Vx9oEynxzNf^IF+K^x&ZRxpyky~`tK^D3E zBl4l?l^Q=%LTx_9ra3l=Qku3@*cv0RCrfV6(9tiya_g;U~(A z3D&08vt6i!7|)?cE;_`I zpellPYBHDQITp4zl)w^wN9vvS<<5f6OYo@U+?hE7_q*pj?WOODRT>-U06X6V>(Uwq zn3g~d&0YM#0Z7Hp;bWm%lBCkUyPT@i$F@R#!;gpECR-yTjfBUVqyzTnf$UmMvIhCa zK)A0fB>G=<5>3@4Uw@cO+Y3~h&Qj(hor0cH`NjKinRVz|Jq4*#sf+?7ZD!751chGOp-m2h7bufA@j@rjNNYkPc#keB=Y$nEb+s%>m2) z;}As?>0BwuhvN)+;($%1w6q`xzkA=vg9HBR+m9rd>`EPX5@qKpm!E2h9U>k*Q-mG~ zl}^&%xy>(2Dh&7C!*#qYB5hLZp9Pv)J!i?+e&|U)w-K+2MCh+jFp#$53B0Bhvo;;1 zBA>FIQbckSI#L`w&gP<6d_pDbJh`Ei<)GWo90k&OU!^mW-?WOelovVPk%k3DssC-b z^+q2-dhBD%t6nz*6(x}~bN^R{gxCRt#|kPdrMJb26+KRqRu=>^O+Hv?z+T&Z+&W3> zsP$#7D&dsPXY2_v7E&g!%f_T z1cu=FO|0XyPsR3xuU=WH!L#_+J7w~kCwUFuZzPIb9p|6_jVaK$L1HXXK2v(hVyFnF zha|mHA=2n^<}bTGsb?^M4}?!OY-B z__X89e?iKHKa+b*(wFs10RPqnjGt~2#{!O5!E0fC`y_z}i2bJb?&<^5t}-xj{(pF@ z*OQm`N1b@41^)qU-?Tg!g{~gRF(l!Go%YxKK23Y#ugHzGY5w&WBN(9mRrbV7HKvwY_Q@;f9%0)PEto&XiKil&I4(w%& z3K2^b<&T7lYSWy1{+P@g;%KItfZzV-<zlX~=75jjL$34&1&eZqJ! z_58qaO~XZ2VrWcI_~zk`sZ=_$p3J@Bd`v%hV6+HE@aZ~v(TKg8o&)+Cu)QSoM|-3! z~sXfPpJV5y^L`K_R!7JQOCQBZve2DEOJh(Kr?Qa8` z1&m-&8KC79*C#tb`>*aEIC<^k!-(LZWK&?i7O^8fWudCXh>%7~0r z5VMlyB;C-FhQnluL=+bq=L4=_pWC0@d5x`)V@2R7TX z&X8;h(16^JY4W{FqEQMbR28l|;E~E->+|hHIN2<9yX}!KJFEjjlevA>BW9OucZoy$ zbo}l1^066h5@>%9IDwo?WZDGvjY5LR$~p>I$rr2R&c+md2PPq26MUZUhH?*67RgHy zpg>IEvF((1W5LFxE)>D@ClBOPlk(&LY50HU7_%&syoJw-<}}II6T0J*$jSyXfW+5k zBu<0yg1no%Ajc2|6%rX9bMhC#D^Y#S0I_(1PBJn zQVF`MWm0%sn>Z<-ztk3JOas`5bdPq5XchmsvP^kJtrgmTT|-RM{}ALSr~g%`T2Zo5 zCMbQ{y8|N*Uq2Fjpbvl@7ttnr44;)u)GR&e`pN&G5`0ONyq1KHo+y*8yD9(azfdmi zTgXB^N$fz1i2w?4$o)qZ9w9Sq51J+Me?r@3k#01G^AOw{>p*ECaV0;zga{I6OBpF7Dwx{^z>oENwb7ERHuBv#`9O#_ScO-t(W=RXdO z<}4pkF96BVOe5ctBrmq!F_Pzb5Y= zsGq$}Mm+_$iP}>jVf}(hgRGX08UP|rfNAdh)p9G7U$+n3aJcW+;1wcc>WToHqe^k0 zUg~6(0gzk<#W9NCL=hsB4Pv}Wfd7C=SRtDPVnJQXU+gC4`;`Q(0m(mT%9zC_3P95P z#L82I$pI0>AIO8{d`wix@T-3sJk7ZCv6UPrNC9^I$3oUQvJdqUJahh!wYeAhZ0*be znBDt4O8Jk8JRq6yS@)d4pRNh*JXf;rlS(%TCi{N^;{OFlW+nbvW56l>1GuHS-H2|m z8@R{8u8}ZiE&2ydjA`Uq{rDeYMa9b+Z&uQCOj+5vVM1#nls(@kc4=y?|2q(2)2a|7i1D@(& z*c(8kkx(mWOO%9gT0koQAbldO1e_#oD$Fcaao}X~54_;>RdI`xR6j{!^Cht^AmK#a0Q&R;#8VDp@QMsK_l`68{Rvuru>J{mi9`@$L^3r3fNC9QAa>^XR~TT|aP&o$>AhctXr$>l& zrmh2~{4Y~96_U+8dYhj9>pZNGb$JI`(|Wy%4DtYo0Aw~=$*L(Otj|g4k09> z5E!_)xR4hcND48Z(z-#S7`RlPCYDF;0rGT0iO_?OH_+nlq%`3>far7&a@ix>x1v&B z)=;rW9$-XgqfOWe_CsTglak7_g?B8ZC&Z#R?8EL%Y7PfKyu4BcjcXsqaG(t%%Gz_9 zTfVP&3`3wz=tsMy5_zf-Kypca?3uX7?p#fd(O~}I=h?Vf=-5n+dU0YN7Pc-gz2daQ z)dCyaki@a$vC}*GUK}lmNd$ro@6y%RG70Myfjm`9c2_9q`ITEfzJmT)2>(Xu;@~y9 z)!gne8y`y|9~1?g_yN;W@&Y?;JzKvveSr7jqF0Bg6>$p9WaB*+vM4&gD=}W~op>i-cQj%16KkUNs8g6h zSk@r8TyA*DTDv8161j%jaod*x=E$0eT!YOlGL-Yw%rwukphrXTZC$^2Oz`+z_kH!7 zvFz6YAwRGUii0K8Z0Ej!rfgi6&e#2Z-(QLWCahRaZRLAsc&#jL`R!6i)(^5vQ>013 z7tc{%(>v6vVpM18vScxUqy(z3mk(TIl4!=t$qs3}e7;rF^1OZIE&+SdoFm_x1#p?U z>EZC`wd?S!E!J@!h_##2!5cu+^D5Rhj!np7->-WJGnEck)|TQSk(MAyNK5>%qp&nnE-iJuew(F@PyaBs^Au;U2?2OZ@jas-$Fx~hgxCu2kCd_9 zU@85b8+G{Z;>c#n#uku|OZ$@@DLd?Y#-}OBff>HhxhLGSFh4yBt2I0Pv)n{&K3<~l zSBFKzh_BoD?fEeY0tlaau?1oJ+;1cEz!RUjh&K7C(>1Ow;9+MTnv!cvFV2@E^tq@k zXD3Fy7DoVwJsE<3^gZS!Roz5RXzl|s+Z#g;<&+A$&_^B{dc)g$J-?UD>Ija>^ZX4J zRDzSfCt3mH_pn^ylMWJgolkv8lZH7r-&2fNTlI|WLM$;A-}62*g!<8B-k{(b-mUNd zE1UFujZ~ejFF2HT_0OmYehzAUf}mfpmdpZ>RUFsIAewr>#UG=f_EFLs z3m5xDFU*$*|J1Xso4}$YMzA5uI%@JV)wfdNiP+KnR5yjqc{7HMp2Q#4U*W&;;w2cH zQ=C0le9Ol@4IXgcbO|wR`d_v4bR#p713tj}aFM7ljgN<=^tSox_S=$WA)MWHf+Sg* zLRK?Iw{>l2SxYGxOYklcWIG6K3~G5iedtT=qi+BfW5Idt%{JkKFfTCesLwXAt(NDj zovZ{Tn89?`tr|5XHy@wqt$U7(xedcHxJFRh5$FYVg`2Rqh*lp7=tq-d{hi0sRUCCb4G22_aq$dFqv9HEWc1 z&=#ah=X>&7e<(PP9rS0oNquL${SZ(UGuN9oSBOS{`(>7(bypA0LDpsC2!a z47UZk{_uzF!QjIxiw(+$RqAA$^xjJPHEIO**argt$uPWZHZ+IFK4pokw6(BbX#qxo zS-2At?*^R)u*h+_ZCI)sFu(%?1x$s|XE$7P{&9AfH~=kVy;5!}J&3l$Pcnr1D6uL; znY&wW7MB~Vq44-eZ$dgNd2KMe2!2a~lQ;YJOOsBTZ}&>vL$BI5iRBCI}g_9wr@2eN11^m}=v?kRo4<>vdNo&&0|A;}kFSyr2@mu-;m z2xM4ko^!YFY?_Z}!iOpMhmO1Lk8f`Otm^%LRDESwRNvS301^@k5-O>nw1jjIEg&&4 zLrSU$NOzYs5{if-JyJtSOP7e!-Q6J|E&c96{QaMIf8e@cm~+nFd+oLEb+0(9kx|#i zu)-Cakz+51Bt47`G;iqquYC&YmY{9rjjK@UwXWN1Y&7I?>*q7Iyg=A3Ocr{lC=D(g zl$45w;Io{P)48cfE4ikz{!<6Nbk}l7qR#TCwDSbtumC4TVeuaT$-RA3jU6|_WUEXo zS#iwJo0qR}+wg4vOC=g)aRnB0SWpX7R(sLcfMdCK7HNpAgyjRM+|+Oh;~b^kpniT= zpc)H1vO>=s-4Dk&GuM3%A0d}0gCfLFF4X*&t0cmsr*)qjBEw&9R&E0geedoX({-I3 z=g*YxXyD!C_wQ;^l2@Rl3n0#@6CIABFm}Ez($o#3F-8mchtzeE-m)kfGx&Q(qk`sCcU#Yf9fKB=&KX1C{K4Tr#RM?T|G9P zDA0QxIl)tw20OIz{tK>gLtkAg(;t#vQ|Xde^`@^yf@PeL!fbSB3nfKsLuiY|h5JJP zUD;`)-)L1{wKs2Gf+v4-@&VN=c`13oC$+-cm!JO^Tku#t7TOEMw0cct38#%NIpwU4 z!Ldos@_t*)p~xn3foYAB(5D{Ar`F5OgW7XfpHV@(H?Lt}O&&7FqU}Ezj#1t!M&5FF zk+aT}I1yzv`|$O-veT0((N$b*A_UOreGj(e1GyMakdUb%${#j@d%nHUd+fx3@udQJc64~o327x zH+S|!XJqIRh)B4GAqSu~^8zC;*>zAI^6)l8cjqYNGq9TzS(UJ(dfAJI$cl2P9NS=Np{Q;)%?^*1c1 z-e`*3D=+A48c4+Vb{QCIEo6;fGb&13K*uKSjJ}mRUWPcjwT`6y82PV>Ql9KC^rU>o zXIt`m?1Yvy?X=ja6N`1PvYM0S;p8ZSJB8Z7NkGM?U+%~q!}TM<4t4z38UofP3rzAF ziLr@)mCOCnS_Y!dQ|$%)vKsH*8l#@ku5ZjhzW&h#gnZYDWru&4b2NQE!z6FHLX9XTQ2i={Vv5RgQ-?Ug$A#gOoe|HHq2F1*Ycq z7V?A83l(3#4V03m_^wi{%Lu?vt)O9Dk3Ar@P^TC(5VY0Yr(Vpm~?s(Z}h~nl#GMWlwI` zd0HLL%s{QO5*Q5JJ2a(tpcI@Z1){MU;tl9){yfm^gy}`vj6`nw+e|c|N9{{`Q0%T1SOv1TtkcTUvE6) zpF{(SLc@m{{h!?dKf@`|xPWrt^23YoUvR~;+xd^C_>^W8Rxdvi%G#{@zi~HB-Xg&M z4&AvVUmR77|Aw-C^AxFO!C|=k8kaPq(#2s$2WuvyhrzO;hkbYT=0j6PeSLB@%)t+Z zx4@ryUDzFatoZ-p>QR^e!JtTS%@}z^)KYT&Z6^HlQAAm5Se9oLNNLRaoh6Gdhfi zb@}vw3Dl8m<9QPwd%=@w^VHU;{rwmCF^)6tWt0Wviu@#3zHp%+yohJ4C2Sn;(fJ@E z%+!~*1S;?$^x_J)Hrp*_-eh;@f7J%)C;U~KxFZ>EWcLL@1N52YUgBBLxj7I9m16E2 z5T4!dQR?nH@@qcM4V_>@^YT@*CKq&+>wkc}TVD1{{T+;yJC;}42exji3m-Wuw#*)V zd^ag7gijq&JU9N%*}!hq-c2!1Keji&4I7{-BZU$=AY(AxZ-uF1Xz&TfGF1bpq1m9< zcAT$b5!lgrxK^xI|(~^LTU~U_OGKnjP@5=zBnagH1K%z$Bw2azImak0wh$b+BDy{(0~3 z-Hk>@iSRCN~ComGfsk9XhQcvpM=Sg~$r{T;{f$44urLk3g^prPl(YH_#i`QJyg;hZW< z$v$Vli(Ygk&G6N0+gXdduZ|zJX78M|Wp*CgoS8XpaDF>Hmd@;~xS3S>t6GYW($_$+ z*sJjGS?I^;V5R;)YgJ%dvN4GRVr+f!jFx1tx?K!;P%4FM+dX&oBCz`A+~#hO$3%MC z*awE&&2qbVa)U`u6{RAXl3eMIDfk)$HOK5?0FT3O90pn&@4abU{H*NUJ- zd6ZLl{pI8I-B#!AJC-SZBZZ2+V8=5TR#69mbc%W;CI5G;>$g`RDgaznIc z{J%y0rR+kFz4sS;Udk>nzme`R;M_RRE68wM^U}*`{eIp1_bbOCeV25P%^DZ&hO9h1 z#^(F9bjC=p9A$rH1G;Wf<6N+2s6o~6dC zL?Sxs)nP_s;_DfEYq)l8d!#@bhn~z4)Z$;4mfP9wmcCBJDKP1Z43j6gk!)qT!<6i4 zukD0V2w@kGYXS9Kk}pX*tIz2=#Gmo1kcfuuxLkoTJjRD+bXu~(C(MNYe}>&Ro5m|c ze3|ss51*wmmi21-4%vW@wXU|i!soM{u;z3H6C;l+@7#I6oQ5(bJrbC3?2}@Wn}$RaaJ10HIm3eW$bHJtU!K_J;Z?^q7wvjY8VaDbD(uH{$tPS$wbq~vG) z_EIh#iG_RRis=LKAyv;=(k3IVu`jT%N2@ucycA2#f^nP-mT-!tMcnt**C3C%D!gFB zW`+NUJz5nxy;S37zgBS7h3zc2xAD$ohRxm#1kevVHZ`o?f#SN>IL*e^8 z+`DZt@f-)ZR1sq8q|Tw!UGz7=e& ziiepM=ckSLyij-Fs6r~8)P-s%`)m)uKtGaPbNMILu`;T7myM>u!-8{KtRA?*!)*WsK|ek*Of)YLw0 z^9!IHER2e#uLM)&iZ89_?*?NtGaih0cwc0qvp8HGe@{2eczra0hgi^;?R-}91gR3I zy>x1J z5xc>ZTo6cq7`}YWuL@IMZO;+sWZfv5a@G82WSgndSff$YLcPqEB{oyF#*eb{-@>Rs zK|D|LVLR6@*?=oPiG9Vwd%YWd9cN(RBH1>AEC@m3wC+K@qLa2HYrT$AyM%4~93c~t@;C`isiE#yJxlwY=q`^dw_Sl32h{ylJTVQigfcw@PMvM88-@Bya4QAis+W-S; z`7#Y=wz9RT=4~#pyddEfcFd}z|C!b(M`ai@l7&z0wf@pjiHo$kqP7+Mam`?}wsZ{Q z7*zHRH0N#Au40u3ww>kDwolN5V5Ht7cxA|{#3!QLvFq*Z)uc0-Umv?iwIp@fBnpHm zN+I@tjTHa>LQ<@uRlzE5_#sqqX=uc!W%iYXzZ?X#&O-xI5T2moBcT1yR!=;QhCnPa zU<pX!J0#qaHZ`gyjq zi#5=OZ0%mMR{7j>Aa$k0KMHW^q*JeK*t^TihRj0T&hxZr zxXan#4FIr+GJo3cB(wshQ8S#lH0LQIVYd~C$UqW!xMbbbk%eMQvZ|wefFWZjq{*s$ z;(g_>pG?Wr$F$adyD3>k^*A#2QP}4X;XPQlu>Bnu4!q2GhEmS!$ah zT_+>fw9qz)u{PObqk^fFe684JbMpH^-A<>-OX&wx$#t%qh-2MUJpE=5x^ge{0u)Ah zoNTo)dD9kN8#44cy)6-SK(d)hyms>#n)`A=w2kb-`qs9gcC$RCgaA~=0{w)O=Qo$5^|mVc*3-d<_nya`oaI)Nggs% zR{pgUPDVpsZ4mHb#Q8L}l@2S#5N2p3M>K@t4LDAObJhy-FRKS|o9MvZEN%p`$YdcE zx}U`_anRn3!=sRmHcLvDzM?&vYZy}xx2waGrvWEu>#5YQC=%~bB~Ljke|-c9A=1wA z*;KA%d>^~(FR@h-fJfUb+*!HW!(L`ca%&tOot0e)c@!X)UwPL`LAINjqYqvkZlz~A zH5}A;r9AR88UqA%MaBS~$tw zZKK|3Q$6}lq9EJ0WB?fZ`sHM=(|(2hD)YtJZ3pzu3cq>{*&*Lmq~)$D8oK<%*mA&phC z6NRZ&cm|I4ZW1sj_i!jqj^o0t(!0y(@ zAj9aR#Uznv69cCvmR-*Jm%4SwW-sx)`SoWA)olh08s|T218q-#I}rLOH5={N|6cBh zVPWedWRIGLKXFbR(y^w^rE}Jin}s0tm{tqHI0$l$-~ZtMB(c<$9$~)(u51B3k+xnCd$Hat!)kxxpL1O z5sGx9LX|Xr>BC7R&+-WD$!GUwo#sS}*68teyJ{ylxVJ>U=eG^j%10%SI&;z$oKvgx z|0;)4q~$@E&9;D9q-c>YNi~0TNg5rs0=lvN*45=KWLH9^sJ>USPGCf95LVbty3TB} zF%#XEB-ItFWLoU(*&--nz$7fX*)-|6Y|L6IylezC|5~E5spi%P&TA8we2f+G<{qe+ zR#leKW?{XzK2~n?%b~?V_BSIYb2w^|bgl5?I)&s%>ELSvlbi-iFM(OKJ&q)J5a_x| z0{`Tao-9mKALeEB^eelR80;s?`ZVmg`8bbsv*Kr=x@Dbqrd?|JY{mPcQ-l1g)=xf+ z2zeNU-7zO6c^Ky4jfk!KV{Lwv&;(gqU;)6h-yBB6Dy8K_pFqCJ#}UIS0%Ecin;E;y zbbQxsFt|$I{?P0R%CP%Kv&7in%sNv`X&1r}UhS#MiEDwb>I6sFJ6Qr8N(DSg#kzB# zFLb*eA^6^P1Vp@lt{#$}jdx2H5ibJD=58&URT9Mqyqc{*gX7&lb5Yl^1Y(jzCZ*YZ zwwiA)8RVH$%zCvP7m!MRbX6tE%|1#nshV==5^FlP-rq@(t2T9`8)n{rld(3$YkPAb zdQ}FRH|!nLC}(Uww%HNCGl*TKzA5{4;my(X1Q)Nz+9?uhjTmPBwwt~v7PKW+ zRKFShF}xcdv#Lh&@CbMSbuS*{Qw0tW+D#1)>R&f$cyIjh?GrSeF8VZT#N)4i_Z9EK z#(!+``ii3(jL+!pt@)~H3o#|qS5;AU(Wdk`y14f?)y`Yr5ATM-`&t`EmNF*8zo_byC*sX`&lwKl0=Iv&-{wSO@9yNE4cA;o!h~W* zzq~&av*EZoujHtj_rqJpqkTe11vR)OL!Dm%YPR)*!oO*3^sHQm=(PfT7Pnc)V0F6~ zpDNM2c1h!i$xyjOz>15h@wOEfOXZDB zRP6#gehpbO%IjjgY75)u((H3Gwo5a?booSw?COZUB-bgD`S`%$IC@*BK4k&Kqz%uQ zI}gHlw)o?2g-nWBuN_(Pi&!1&x~y*{08R1=ycoJ-eq=DS{Nn%>C$Gkc$x}?+MLH!E z1rH!jKAvRO?z`_qo<{$Lk8R6MbO$QHCfPti)`3kT{1EmN%>-M(XC5(tmbB>6ZHR*h zfnKk+_uMYZ+HHEqt?hX(pfT#^=0%PKE}Y}q38p+uD6f~c2`@P zRt<;*o_Sth36sO+|fM;)_~J{0{V|fSt}SjpA#1fnA=9JlUKEfJJOw z*!h!CP_`9R9oSc(u0{3|1fw{ zpw|8zc#MCy9Q-sIN$Z6T7_Da6^0xRLAsT`zeY?`oM9^%Jtk(H$tGcMh|-+Q}!hhGM`erSu~Do@dZR%hDVkdO@EE*q2eSC zCU`lW5KqxK?p-)4Ovwu$2_I?oL(1Z`F6LPrckFm|I-QT`Yy4dLaiGpQfGy?Hz9Le* zQS~*S(pal~$K@LN?Nm}Yzb<&Y*5gu}|CQD{N*{wrlP~)KQIhzXR9bqLEgV5JzszH9 zu)jX0RdE8SSsl1gC1{JtmecqP@RL^9ZTKi?o*17WGHZ|`F3;4!?;}lPUHzb12~&Kv z8CcB!TNDWLkW=PRjoeI;_cPQGG|wXM=Hq2Q0rVDWoP7QB5kw@t8JdYzeL{=SLrpe4 zY-jr%t2CXpS_+u^w~Kd!r^j-icy2Y5#v!oR_+KV!)@Oigrq7xf? zG#?@4#b5uJ{3HHI7}`8&j^WE+qyD?4DISD3Aij}fZin;FTH zFYckMb7&3-v{Ve7Puvh#8FmewKid{XnT1hU0|-1clN6_JyqFqHs~CJuIX|qZeN_%n zNgu!dLUYB%6k|TLT_O=E(Eeyo)bo$+YWQEp(X#Kc{gbJ0d;mMLai-v4O=R}hdA0jt zp%5ZV#DMe}ia=^%zAV8CeY`%coOa)AW%D_!H^+tRWTYS~GP%FrxK3{6H6>ygac_Z?(ArH^kqT1n-HMI zK`>_=C^_?w^tKv^bVjh+s9jQH=5w63#rr4+MCiIe_#AuLlvI-i ziQ}OS6&g`rCSiPgi>T2o7oH670Q|+w$sSuz24QXJ+0vI%B$e z>rwACl!_}<;pvSrCTFYu}L6&lrRQPDWyv}M9G_YyA z;S0O}iEGE8%Gt_DHp5BtG zh|8NINE(tApXyr2Kx8IOac!|m>1K*~o;kgC_!8IPH7Th?X6`UU43orqdfRDC6U3d5j?0a0(%W zwjznCnxJgM+Z0F?^DXjNNaqWQ?rLeh6Hh@Mn%7qN%YKyn9NO(-tX6N)RQW70 zJ+#|l^!I&&ClqzjD1&g%nSoGElHMZaXI_gr@yzL?ncWW;bC~h&yj`x&+Qy?EAe_9c zokmXzb-e}z;nW!VQ$*?b@@waGrQ{C+}H|SS%_zFqVS0Z zn2A#@6!2vOh!)H$N<3jCjE-|S5@gj^sgmrP_+h!0^Xc`7?y|J*H)U_6%C4994tx%L z&N`2zJ2f+^@5*B?^FDPaXshY^oG%fmF5zYP)qGDs6(yaX^*VEtszZK<0RN9!rAI;W zTkXS&>4n|{g$)6|EV-WSql1sjE;X1i$ym~sA;~vmk65HlA+7h0 zT~j>>-*m&CgOCC9{+pRt)7GP9R8U<(HP?y5*Ir$wd zK}aKf13QW=+OA0+|24BwTK%g=9!f|3z7>8KU4+e5Dw&>bvdSm1DXe^`N-~)SszB(t zt)}S!Wgf$(J9`2K6 z<>Stg%&&|(x4GCKJgv3Rg3#X+QJPs~0}@aaPxR)qfRu46LyaBYKPn%rP!{cm8;lY} z;M5p2JsT}|7!IkZs)zyxJ_u&{OV)G?S1iReM3lV3)PFu3%CX)s^TnxdOMvPg8r$cO{!uVXR~@+22gE#0wkIAC}NYIz@8Y z(im(><_!BF^9oaPCoaB2@9kG{iNkW{TS&Ln9gT+1`kx32@{vYudk5)@I{2s~mo;4f zIN3F+E>(>CUQ8VO*(RCMuan}W9vUawhbCFXRRM zsJ{n8u2a$BTR&UpC)UI=;(NCL(n$Y$No2pT=;Jw$yi9feAkJuiVsNIr67GB}uRFE+ z#ExIW+)WC{HhpNWUy+J*&u*Vv(7dM}NJFMF5KhL38rjQKdvshfeMf=O%f@W@NQ{le zD}VBj?TUoqM3}-+KEW)JrqDs+W<_3zg{1p9SJ#V$rS=Uxyy>rqSYGCKWPM!i8sAy> z@f?;ZETdg67z2^5QvQA?+T@I zKL`ydIZ%5wE;neLHS-lkb2>o&GicC)>&aR_m)^h~T7wt+&EbuK5smPiEJ&ay*=L<9 z{`oaM6Vypss~qeaRmJ-UdYb#Jk9Dtu=0d>_!mL3QugHc8=CzTo7P^;d<=Be~V0pCN z%+&XaFUEMXcRL^gv}%L5zbMCixS_@@Hd%BK{An=Hp6tEebA>6r%6=EuTEGGBbT0HA zkk=-DizKhTrc{^=@a)X~*d%eVv7>0++*fzMiKB!D5!^x#5tU6Q-!DtAe2Kbr>pp2-8izF8UjauptfXuGCo0g0HEL zy&g1FbIJ;{(mS%$n0~$$XiBxoYMAm(Db|vVtLLd^*s<$com$e;a&C)An1@Q`=ANN4 zjywKg{ik&%iZ%AF0Tt0FI&R3otEZu{17;!jHn)mxZSW>}|2IR_ zD=Ov`Kkz%BN-FYGogNh;jJ3ncD3A3HNrs|4et#C|Ev3qvm2&)2JU%%{_v(9Q+s}LO zU&8i7;Zz2wpf7LQh^{Kn@AdB>x)tx1yI-XO@0ZA2q9r41ZPxc0^=@oO&W^>^vRQla z-xg;bItcWa!*5u2D1B>;ENSs!Cjb6`9KqXr@Jl8sruK#6o_@`*Q>I14Y)bCp!OC&F zX2F9Fd)DrpFg0szRtTa&EZ|4sHxLYk$-w9@y%g}|P^Vru6_pb#h%agXqd$vG9sHB# zWh>s&corWvc&nofo+F=-VfLgLeFKFaR#S(aE|zP9d7ZZNKi(u9Xnc_*f5PjzEKO(6 z(RSOpyV?O;b9Z=Q9!GwodPn6L;3BcwNP9%E{ZPc9QhrLWKQ@79a@2R+2TFJ6lo}@F zc0DJS3aswmd=TEq?S58aQ2b=>RavTi(EIHU5BjmPvOu)SHechMI#ya!Z7VYEh_4>2 zo_Z;6?#CZ!$NS5D(sBo<_-36zAxZ>4_Q_Y_+x{P4N5dG))4+=)j#T;`*n^I%InHHP zYMI72Exc4;j)YbC6e8Z^r!M6VX|!dnf9?*0>AK*Xn|C`w5VAe^MRKu2T!Ml!sQdoa z#tb%_1|Q=-Htnu>Vq7E^UTpgZYWb*r;Y7C8d7tef;(dFAfGj$-w?6`)0iu6&&34-KQXRV zNv7TntZ^LiNgI9lUOqKHE6?S@Txv}=N?Z4Z?x60dxG$wzSUpM04Yr&SVui_nbvo#c zQ4{l5JzDe38iUr?fPBu?5RLS^+_@*7MehErcb0pt?mf9q_OMr2d*A!Kl^EhXZowy$ zwnU!3vPa+#?`}Z%9tm{Z5lAo9NSyL0Tb8lwm4e8t*4usi2L*uE5S<(0JI4`ZO z%idEEJ?M0Or)SHF+?Ba3`nba$$)s`(Qy$^_w^anVUVo&kXS3 zD=0_?eQzGqBi{CAmo^WH{zrG#>GR=8BoT`$y5=~EY8$scRWUUW< z@o#np_>_D5`#L`7z8H|S=Z=p3k+kbh{_^YV8o5Yh;xsI<=Q2YV0@bEg&1J^~YjaUn z59P2RECWcPx3l;@HuB zg-=@&y9goBJxWT-GC(ek^k?hCMOb-8|M?A%GM&|_1z%%g%JaSY9t>^*%~R{nDlhL^ zQN9f!eqbGS03NSgwJyOSZ;52QCY9WLWTUj`wy4KFlBr|78 zY9_JN%&Ie&LUs<-2m^19jb>;oDHZbx2~vnL^p`Ij_I1$tu~eoP_@NuN zQqjNwvF%}DyO<`Fmsk*mN&OfdzqA+w>kZ_23IZ8WBGSB0EBZ_$(;2pom&MZ@5YhkJ z3oO;r4Tze~(XWA&F01vXz5VY}K0&0ytXDATAS!dxh{q%IKM4ix#2 zAwYyX0dC-HaU&{f1ib?|Dt~tXA)@{YfqfOykGtL#XqA;eS9|1Xn_~%z@>Df6VoJ*e zgl3SnwSM1-37jMXBjK@;r!~E4AU*tI_`Vx&!54}|A4>XGs)uP8IrM5CVJlaslp;Rq z>gidvzN0`ZhwtCz`Zmq=F(LRjqkuq}(!9D&OKaDdQpvvPaP(*E0}rQrEv`i}D`K^n zo{-OMXvv@QD;6Y8I=QVcgN1PP{hvfy4jI&G&7vvx`z%WxR$la(K#%CRRgEO9K%9x6bw0nFJhpmhfJcK- zs+3IR<#n2xfgmSbZvp3DsR6mMvEuwoJDG@(5J#n;J6jlY=D>|3kPq*_-jlv$k>qmN zet_Zt{$PqpqnyQ`d^uF*6$t#jxCh^|gI+3fa#DM_%T`Jry51|Eh|&w-w$dGP1#B6y z6+TTzf>1{!^$N{YTpLJHR(kBxURm|x)=BprpghQ+ghSka1q0Fw(i#Hnh|#(CSz^K0 z>4+xO^y{vY@uvB)LLQ6riCfv&*f+|1d7&(BaG0e8p;q?{l9wPB@-{YxSzf{*%|$J7 zyxvu9`H`RF`b}qNb?{0FYgqDkyMM?^;AsAPVDy?9ZD0YQaRrUqT5VfoxWbd$pu|4w`)9UWeRoG}9{ z0u#D!W@V*tqS-}vFTM3m@^2be)Q)WD-;QA5(ibj(Wyrm2xkF5e(dwMpO-&3coPQV? z7*wKME3ZMatd*4`28V~2JzL64ctwcF<3D}6fmQVsn%8%x@8k0!C_53IOcTc9_}SK6 zZGjX~ts$sz90VRIvWMu}wZ%la%}p*08Gy!N_e~Jotu7nZwzfYGtuE_ZAk1Q=HM<6B z56xzDvGM2z`1znT)YQ%@GAy7*I7`{$!y?Y37_l)X4^c$H5I$XLX(?k63r@=Z?mmuI zks1=tXMhQTmw)8R9BX(LyrWs_;8B;!&8p^wgM)*W2?ND{&~p zl7xe#NHq^K(dA#3Ao{|Z{v`?*9`)wU$v^~rf)Jv1yz53s#-7;QI(p-J7H1JZ$LTUt7ZCQ4N0@GulSf=tB7UsILoaj*YjcI)knYk^^Dcws2~IVSlIPT^eSU7M$Lw+m$WEPUF77 zw`tN*OZgUdm1;#=wT3q5?puF3i0|ku{~ZMM$FWesGz>seQhL^Vo}bM<+<~!zQS^Te z@e&7k{HXf+DqQZ^A6|o%raZv5bJfBXsEG#;9vn&>T;BBWqT;=p3yGDT#$!&EYLYvu zUt3+ZrKITj#0}}ELlnL=Unw&0Yrjg1h7q_?KMtJ^Q!=QiU*XT*ciwo%wE-M@S zRy%3bIktj97gAeTcv9E5jE4zXRg#uI>pC?-#SgJj;#}_E?>Mht-RmVGo#CwEJgLx7 zGD`l{UzX)U4yHnW43uG5kkPTRgv~(nzDlWs$h_|az@+g&dPvCx)u)L8u+!Du)+$Bf zdIFTP+B^Is6r9=vhaCjwB{YUe1VpfgYg$9E5)u&wUZct;IedLvBM&$XpbGUf6y@Ha z70t~2<&Ly;lk=}(JEp8FcPRU9MY9?nJMc&}LsAT`1pdrMm(}>XFIe4D%a+5$y|z0X zNmFHcenz`g8QJ3O=s4V)9&R<$=+?O>wV0l&O+&LD+LDmW=Y6mtMiIW389`8NS@FJQ zv$jy1eM`{8ivB&jj-_$j-8iWsHx9`zruI3rDrWM!p|ZDQO8LiKAN%y*?)|NtQ}ed) zSnz3&#+Q$kWh)O!lP_517N#s`kdF+G*AxT9sL%t)1rP`F>OJ@d_8^ffhjkfyWo@mz ztc)c<$1kM&%vk&v0VdST-2CTxh3Z9z47qa2|^UbmLU1Mac1+UBv zn}F5SplRSy`t> z!N#^OIg9?hclwR=Q^H=}m$xWsS(5ep7Y~-@GD73xF2X6b(B1nW&6NQjtZi9;bPTk+ z#z5#wU#9L;1{)y=)VMJyvY)4x72Or_jxHsY`Gvpshs7nOK2I0vE1L>WXR=6T2$T*Z znulW@?6K|&v09Qj(kYV;7ONpv?cO1=y$o(s~Tif!e^Q-Lx6MfDevX!Tg(5c{g%Y&3lZSERBqe7;8N# zG&!*e3@zz2^l~a7ebV-Mug17(uFSN8I@#0a{HjAQYDqBcdR@Kq=jy^Ekn%Bu9 zm=rX{Od&JvOt1z9d|s?41Nt^-aF7D+U4h~Ilf<*vutlh?M-Vy_`XXtoz_b{g6TMQ4 z=c9ty^7aTBbwTM^JN&DEn7iSR1V5|cOR|u`BU`k;7}XY^q`$9F*)4BW)?M=UOMReM z7NomW;cw!e+rAaA*+5m7qV?j1M?;rh6fDdM5xF2jL=F5Kam?VXnFXtG=D~;IR{Of1m#akZd?56_w@p*XH0ouX}3$oNO4P)q>I6 z7$5e9na6To{f897^&}uKMT157%;R8UEstUzpFEpV^%nlCL!IKqc>j!ooA`PwV$m;a zhK`T^;*OrhMYgQhPjuiQ=(kBFX>)DzR!{Gg1hHTQ3LqRc3oENUl|6a@4xbwt{g~bQ z%E$lq0UAbwL9A?z<)`lQ?E~ALd9AHxrC8J2-+^n1tXu{t3Q|7z$e&@nGi;o)Jqk=6 zMWL=Ufj5i4uQ-XGpE%?e7c=BI#K)(}#@Ajv>iL>-@Ynr-K4%tr<2??v zA{tW2qzAvoqmuo(Y$j^MU;}%O%*bHGf}~IbrBDKpj9Vs5P?HIMF`Jorlo>z-fC$re ze&w5>@%~F{{l4c zwbeIeiYpHCd&@{e3>tsz9j#AI#b}?$_*mbqd8K(V z0SEwTfnY^10PO=^e@uC}0Kn){XxQk-FhLR3l2=&RgZ|f)BqAar9d`a@>Y+J7;CIH} zIGguj=?Y|JpJCGaO8;2!k@Z(&ODED}RF*uK1HyLW&-jS}T#rK#1e%k*`u5F*V1%no|^9zo*{NEXDds$g;o_fuI! zUuck&ad0+s)9?E@i!$FMFfx&om-h;G9S8rqbmHYa0^!wx%x~XS-Dh-|zSN>8eP~JauocFX~ zZs=oLJ|1W5D<%va@}0^2FR-T!LgEnU^DK8*t=b#^>kvlMXV1Rj;0Cue$pGmKRk|Sy zo&@$eg@il;0tpHGDYTW$#=fih5&7IgZFduJR)65@)VIzf7-|gMNpwooA!1RC&4c%_ zJSrSh5}({7lbziE%fzJ69?}`kyGkxxBoz?$koDV&Wc7lLN+;W`AtifN8VLUJ2B)V4Pa69k+ZbxZDf}Ar+ZQdFl)1?NK(rg~68? z&Y~o^q2Vq~`>lJO1roD4Q{RSP@!`E@^mwC4?Yca%IAiQcp0?0sJgP~n!D-{fLj#uC z4UzDmRu-w}(-^Y^TU!(2Q8%2cr6V+W{;N6xjOZ#*b^n80W%CvVI*QHc*PQI<3ZH&G(H$U{3aDpCy10DG&q~$sqO&ZB4Wwx4= zxah&AAO!>E0DOFkcSpW6+mQZx??zo&H558>64~xvl2bjdQ)oQHP>)_2AM~9W0(u;rrheTzo?vcRn|PD z8>rH&#P$jyPjOQ;^Uso@6j1&>u!*NdE>AM+j-k+}P)0UfTSBiwHvufQHOUtb9d8e`eFXz**ZSs@g_v6eoE;G?PpGgA>b zoUtPxPN(7u%YG8iexl}|(|)xCbM>MR!>A~wmUsoQ0$1-sG#TE}0`p^=D|%)_pipl< z#&e|5dyJpomzj`}J(8J{yasd~C{ zwtuIyJ?V1ou;QKAwwwlp2_QA(h3{h(+-B>Ahg>GierZ1W+;W!iE?mBe3E4$DGU(wj z3r2kGCxY#`SbSnb3wwGEo+lS6)dQQhXe6bG*Ocql#QVxArx2l|F_Q|{Eu9|%ZUw_> z4Kr1?lY{0AgszDno3lwhq1>sdpn!?Om^gV0?mf;_QoIG;vFLNINQ=0?3_)q4UE9-_ z2}b?|!{GL-QQZ_`9LU1Yk1a&^D1&`PypPN)zo+jh(>7%U-wY+Tss8(!M4R@B5FV6o z@6NTgszif73JD2Rt~2f{Z-pW2C%B<mNo@pm^ znt{RQnT|9l6@BD|DxtF`!$khbk-X~G|NflR=K}I#E1UnpA3fJ_%Eh8Wi3MvgN0S6# zKklBy93D_QdWf+|sjH{`k$Dej1#b9}g23sboxtHxgws6$abjEgj0{9|(YZ4VOONZI z>}%}ULr%eW^B#_9y;}PsxQ5NR3Hr&UvE14|5A~VNBUJwT%L=R11zVI;r0lRew@rJ2 zR3x**L4g}fDZ3MHM4}hJr+XziByT&i6vj5JJR?jVxDcA*ss*gFw_Uot8mgzOLNSs zQGE;$7jEkj7i%o01CS&gP}FP9N{=y2JI8%};SR#&e#3+(x`>7jKw7&@Jx ze4rKRQ97iJ_FZAC+et+Wet&sNaK~g#?P^pb3`#h~q>QpiPYw@YuwVJ#AB__f5YW^_ z8#?sntKnQb`jvBxFd{C+^9YT0B^bVi2*=V z$LTXaz*)b0wt=@dQvh+tahhzrQu!M*WijUh`I3uL%_;WA!)gD0sqgiVm#@wimBsS% zI*0kh#>Knq!4TtBN<(RBm_N)%XJwRH+>bxjivJ>B(cKo&d(N!@ z|G|}jk^FBA8F=Mt6Nt2{2Nr6&Nz0#CEv;+y(luG z!`y~0XdDJ9;{v|HXH`XFuH!CP);@c?+z^$ZWHsc?N38MYIH}10C#(lV0Ws_%IxQ5m zj3ujap2U!6*3=K(vb40U03fYu4mh!&7;9Jxb_*wnFJN7n*;4#hvdZZ=B>=Y1cnAoZ z+3$cxp-X53$WDyS=D#JC&B*Vby)I>x?TGUDm4(8Vh=YTpBV0`$H4D9SFy=q8YW@_g zR;h&oA&1EojPG0)+Z{L1G(}*bKBWM})5yq(m3n5`M46?2Z?!Er^<#kw5oljP@_y=S zewH9$NGZt3D(2@^vx>!?f&zux-}LcRBR4M!xROqL+8rnG3o8EZhslz>-B2L8qOUdRiOS_?*%`CUx`@uHa- z;j9$Kjl7c9nK3i)3nFCCKZ*?_huEP)^WZl;sR6*k_2Z39rT@hs9LgD`3BhNIK7O2A zuL6iT6D}~5j!g^w0?PtVLpF)>KWgtOFHtD@Q%XK3!6J_9a`uZYfjtwM(e*V0YzAIE z4W~nQEEfuDR;gU)2PMIxS^t5eI6Nl2sWdvBFlKIPgB3Ns(R#@pbL{HhJ~=rFSoxuQ zSP>-zyZ5jV`&WmZxd#BntpMoYT>#OE?PQl&SO%g<|Iw9gd08tA;6iwIZinuGt3y|7 zoe$wrlOKPz*-mzy4+b=R6q7i>9At@*j6tFZQS0CDhdkl=jf zdQ8wy40`j-dp*)F1rut6~dY zXa`tK>Ax2o;b8f3dtWl%!VzVmv*6^rO$ohL&*uw2L^T$v8X7i&dkd%7-HEx$r%&~* z5m)@y@f@=_(LA3b_%79x&NQ^eU$Ie582z|hP=&i+dB62cZ#v!Fq!KnZJe&2lBuzTC zt6k^O(smoQVJ5-#CO#WT-bh_>10{J(P6P1%)cGPjy5tDcAX(f3D&jASv% zA{Oar9040aUp)41X0p6+bf)(swgtCJW_K4p%Lir3>IU`>2!9nkl89l({J1TRb!+DR zV!6|?C{JpCh7~8tLq5>eJF^YfFq#Q3dFW5QaLtH6Hm$$PHJUsuKpR)yDBpGzFmdyy zS+o}2bkp4{{zLJsc3&yfnTBq(BsAf%))XX6&2I%DBqIZ2QCPC=>A#nrvQA9F4Pc$( z9Cd;G>go@)k6yotZMy zVmViKo!9m5f@Hkcue8&jnNwz5+bvUqkp+C;IGVI~Gq{tloUa863+OuB?MJor!1ed_~nL19m?tSoYUYDGFYJZuC`4Bo9b7bpJkx~YJ*8L5r&=&pgi=8%Dt?JWF)@oVv4)nsZifpKyPSfUK{@^D?yaT!bXv@jI$} zGQ~~zc*;1ZFIGG;Ew}&Jn`57OsqU3Mv+K;Z;H%b~b*^-DX-WbeA3t7Dak}R;hhMK* z|3rlYsW?10>$8{fjG=t}qw@FWo^lMV@AbRA6NI-K3*uFgxhign_td%4`xbP+W*8u6 zblmuT($!KveR*LAs;lkE`PFdFyF~&DMo-R@)s=)@^@8eIa`SGUp|Icp2Nw~4D{i}~ z$4t-Ck_QNny}A;W?qYsnMoja2+h&6$nCOKe>Pf+1L>w8KvY<+|lsMy8aVhO> zuY7T#>$=3(XiJ*-fKrf&^W?Rv4n63_I;C1>uD*cq1DLcg$-Zw}sb=(P&q#g0`FYg;2tL{QPllR`!gRvi^^ z6;why_7t6(Ey_R_wcLEuDn%l21uU2Dc|w@4>7GaQw#fupguH6n+{1wCeLUVWRbf%sIk zYO7@yPFU&9yz3A?#d|C3AI5(&VLCwcV)Pe##!z@IyIRM*>d`4|u&(nRXb(e|rl1SU zm+usmjvVKgGOSZPF2e+R*j|MjY;4e!^d4z$DA>@1EV~LstEv!m#mJ^S!bQrFG&@SX zf*ef&LstWBY`(o+g?+tK;o;r7wTo#B5ASotB@%g67}lTp`=cqBOjz6W{cqzeJ(9z5#22d1Gv)dha`?jo#F-?QN{ z@|6zhwW(wiD(bIpu$523jD~IX@*&0FBzeuUnoq_5(b=3qv-I-KUTth{xuTDqXSX{K zV{lTXg*cbe5Mmxp0P)SH-u-adOEXjqnvrZFPN09dsX83M4#B68-7~jvt)i`!`?`c5 z@P&lEL2nBVNkG4ePNVEgBi=t~2*|+Kc(2tUSLhiz73PR0(scT9hiElBp(vbq@K(XY zKAsDcH}e>D<=xoxexmWhBRhCbUu#~D;2(q!yf9oz@as9($FMadl-Jzwj9r8LqH!&5LS)ng*c+9OCu-m zA^$;c>+;O&uaDv1*A=wd1eSd%T3g`p|+eYzipRnL$*E(sHDp~+1kX;SBKd7a*S578>PAQA*%j_Q* zNNck-edZ1OfKSnn>*J`~m~_q!<^N12ziFz@M=neVB%s))rXw5mc#NRZZA*ff|<4apQ1nD#!kt}X>eXg z{Q)Q0t(;H&pb@kBul7l!_;CmTrhJMEQ<@(hAOC*j){v}v23zq?;v1}K5I%*{$QAl7 z5zu7#N}ozd8&$MTks!w&ZA9@8A5yFYymj)|lB*QT#QUrE=kfKbToDYH!qrPz#UC?b zh-K?6QQI-@NKoD`O`0l+c$?FADsBsNyx7(6sBZ40bNJN0v9%>nDG0H9SCFs{x`5Ls zjKu?5Nu|Yf@c0eI6}{KO1|R7xtLMUA$}M-VL#P&a)pk}JuNK@A`T?@^6!&Z0{`qd` z^pP|(TZcel!^eY}C}O?6Te19E3XE1{ji-L3n_D4DckT*G_JF2$DZS8*t&NA% zGL;gnXinRuZ2&$&f=^H#mIV_SfRV!x^^WkR=o?Dxt8p93C3p=N0oQ!A1QWeQiZlHG z7lABFTut!g&KkJn&gY5OFj6n))`1tn+MnFc{;v%)?i3h!8Aa(r!TL)Gpu3 zHpON;X@CU6xiV+yu|M*apN#*e?g~WD%svd1qyyVz{@>P}KzRSzGS4j{G#U$Zjm0LGD4xAQzL-HJ3FNRLi zI_?jS{p1LFhzlofSM^!llypwmuouB_ZrIqD^S#dE7o(Xz8dCPQ{BemepFmXB*Y%Or zeM}@-Nwf?TI^W-IgjTOcA@FPmrlziu^vueKZNScg&wFDzhFRa%^ec%Rrth{5mGzp` zc>#&QLaBDtHw~(_kv}4)!#@dHEc#*E)lL~ios8Vi{(R--7JL+@JKOZ)hX-l}&&hA) zXJTJlmMbfHep59iRfw*MLXqyg0OVGAJO!u?aDNmtnjDS#f~1Qa4s90MZ6cFtNZskWH8L8+jlZG9m+|6 z1E)Gs)%DBFlrrDpw(GuoXVK~;##`6rlIBW)n#P&mj5WQ4bUma(!e7~CjovUwau2+g z%C<%GwDVJom?sIfn(P%oP<=XZ9_eC;sTxe}X*I?_J#-QNzZ4*TB?vJqwHm zu1pjuf}o=n-Ru0RIy))tby>t^=#aowCYfdW*IX;#;kwieN}QGFYr0qyjlV~offweT z&fIGA^N_*o(t8)7T28k@flDUOAW}QrVqnUy7TtK^rFp+2W0#y&M)0WT7}16=R_%hg znl}lar1wU+!C*`E7|=46Vly19>p+qzDO<%q;MsT8q<~}F^Tj<%>#~Y9f{_WYzZJVT zo{ZPy^Hr`Uw+DBr%6HQx#xFZuInsM-bl(fQE^>9Ce6^@S*6Ha*j?GZ|7U*+%nsha; z?FJ{@D)v6vt{-u(YrEX}7B;TPGi|D+4}R)`>aTL|8>T{RMKVl_Hz&TXG_P4xMI3IP7B zs;^Vev>uQHtbpj(Z85q}nXYo66E{up>m(tTDU6Sz`mldX0B}zU4tVzinwi1R_$Sku zwQjSzElh2G4QCyv?vlt=CkY~_2vqX?UKTq0h#N#-i(+;v@LNq&5A{j1NBziAcEks1 z896x}fUTF37<{GnRc0938oDi;Yc^EHOZJ9bprj4kiG@7$hg~#F#TL|@P-*{RWM9m1 zP+8`jH0aQ;Uhetw`OV&u&nDF||DAc%w8``Z| zJfzpEG|HQuc?fZNQm76LWd8>y;%YG%LaIsrh<`t$8~SZzPqg{A|N3bXrQIH@k)a<4^hFqOz@n z!$bOlHbmvG?mnJI_Dr5nIY#e%wu+|?Cf3fS6N*>7wq9=8<1p}1-I=+N*?X1LL(%Oj zWG@=IgLw-i04TCU?P-gNG9`MKPkV7rhY8#}!&gbjixXk%>Vp^NdR@5QrfF=#rY3%E z@wfmzRi%s-z3As)Za}D#i|sK$tp5iGk@3ph0Z<} z;vPymL|$TXkQ^&w;=8#o2t7{;&IfPY*_xnO9#iH%1XAp;-$svEnr8o_rEp+5S25Rq znm*OT`56)*5p&yC*b7-+KMEbT00IV|V3~m7Zr~(oWBw*nu>LGojF13A_1hTJ`&=b& zV4#ZV{`#r~h5glE&Cxx(fNJJOWWvcNC%sL&3KbLGDcM)d#PbXkf06yoWK-kdg`YpR zMILZY5N!)npcO8nAM7HuMKMH(LMiXU5l!vdLZv(RMfSz;p(Sqpo6`3noe z0%N~m>llt%okC0;@?x=Jmr0s@)bpw5votolA{|)M!6nlJ@eCQIAt(fQ-G8;Yf1Bf>AJ;M`$;Y0 z;;eclaYKVsZ7%zJvs4La{B1AVBu4nkJB0VOvT&8I`ls;*Z%xzuE6QMdqTBy0t*yqb*F;@IEU9od?6d%o;#aluhmz%L;1u&~RX z_@M6Ei8C`S{Zff*ZW~R*nH)(xXklr&m!tGoYq-5WG4Jb}vD+ExTe6c-54;%@VX>&< zvW*FD=yTa?{0jH#T_q&wlv+5o%rZF1HE%F{?%l9|YhG~(*Hnu`pZ)kYpAnVBquVgy zBj?aaga7y6V72#sBA*Aiy*}1I&;F7vE}fmX>|6k2C1JM`ULjxc0PRipLvNnM(`zBA z0DOh7`zIWAQs5=5OCT^36;}>MwEn%n33p4CldLBVW_W~^nx6L5{@JI~ue6RIoh0oc zh;Q6J4$(4jUS4B0S@v`gH`#OEoogEE$i88JcZ|`wru#gYeVLJYGg`>%vHZOoX}^@_ zvU7@e`XT_LI}QR0ZLLQOU?@m6G3VL3R-+Z6@JVviM3(R&W9>RBcN3%um2yRU3T_UImt}ZtfSn-0ZXKaX$w%zP090NuwCp#&%Kght(9gys&a1G*=TVhWXQ) zZ`jy`zfUaQlnq2}cG3D3f@l|!(~c0=KB0}$)W4lrtQL?(%|K^k2uDns$Cfl3f@ zSUvRShIIbYG!GK*>nrrt!d7hpdrv%>`qrLvUkTr9W}+aK>{T@Nc;uspaY3b|8F--w zQ^fbx?spu9L>tQ2h9z#KR+l>WI{#62oA6V%W#q+y_K}mfy>#{bEhYVTVL?i2p<-pU z-nCV?jvhv?^eMEP#e6YTDbz}41{F3jw&TOa^Qdwmr9YhF`dPcQurZd|C*ow1hS80h zgbA66VAhmvmpY@4u!o10|MfS{O4eAKzi=zc@ZMsA>*ROg^NviDqXLps?_@prFInvc zuagA2iYu;r;941(4<7%!WVTNfJ-vSyN3I1dml1M&AUHK%{W$>CuLRYM$&2@BFstkMTBLhvMZ+Le zIO4VF_cfrK74S36W{Rdy95dY*6`{1!VF_$jR~9~vB#L2ba}KTX*iI(N2yeiANjMSE zKD{vzo`-t1uA!+43$rRbA_`d(baV1e>9FOPnrqc4SxaU zl6y=c6aOg@oN0R+JUWisvAu%S=L2k;HI1i+NA$U~Cec^R+L}trm~%Ezz7xB&pUceC zk6zNv`_huK>YL7buKSlc_Mt!Uu{e}%MIAUq99JknBp4kc^Xh@ zV?lf*T)fq>Q44N+=45LEL%L7e$=h#A+D__r!fR%F>FG@mIO z6`mwbEgR6{D=zK-30X({>1?vGzH+gzn*2U@^P8&4Ft^u(hadjxy`I$MWH9AqXV-Hs z3{E7yk82Y$oU2i&{|YBqPQa6QJSEIm8o-X@2W$Gb6d+JaHJt20aEOLlcNa9Wxl@wG zuwT6kKd11WQw6cFsOyJA@GuW%d?vE^mttSk;0NPLlRVx#zC?qkT_Ptw`bDOya|rT@ zOzl$8%E$?UYoq${nHg;sG+(Q|TXUO%C#tW>h$UmEo0v0io(p!{snqJ}ioXfwd?_j2 z5P6>2;{+Ax*GCEblS+vk!!rk;yty$h(U^fw`S=Zw?b!Y5Ior#P9U5-oA0*sr?D89u zUF!rNEE^zJ(6k)&tmS$|iIgZG4?=>;RfnUMl%F?o;#2xR+u194x`vMOmT)LP z;B8d?b1T;~s5qDTT>577gyDRMteB|H-r@Ee9G*bs&+>v_$@YD2@{K;gul>A^rv$FnR_DFisvQyS7oe zJyXgQvNehyaxB4g*kefHbF&S0_LK;rEpEw>P->bYlQukC9r#Kx$69>9s)UnOTQCOs z-d@|x`(j397tsxZaR;=eaN%-mbTp?y`mW>ewHKf{GGT{veuO%-E=kIWb#>SOv6kk} zE4}4b`@igIIP5i4XrCgx%qNx4N?QG^XWwN0Co2xBbGnK2q@m}y65yt1rpm7d57Ear z=UUYyZ}KAw{LQgl8X!so4s5y=PSk|DoR&d#bFYYZEQv{z?V?)F}$BC6bn*P9#BwHrgjqJB->>#V0dPDS3R$KVqbUp zl&I6I`UfC~aw0=Fm?$~DgSF2&OG7O?=Dxn(l%=-!+J&1Ho6IlgtZi5K0>C<=E%cg( z5Y~*FZ>6CuQV|%qj~9BIA}WmOzNJdgauh-+=ZR|b5Bg37)0;oTiFY3|2639VmMt!I zJ3zH7>Pz}!EA))$pjv9lZ5wpaN#+?&^WP-3jZ&hC!g78N>fFxhx^(qwwMG9P<4p|<$xH=^2{x9l;zO}Fn;XP< z%@z0C|I^rc_u~xwe5E~DAo*B|7@4a|;N$ZOtrG=UVw5dFfJa1WDK!-c6i9-`2sT zgsdDs6;i9#N0HxbH~GDtU*QOyi~XJy4V>USam8K<~@Jh&WHE3g&CAW za|aD8u@-|bhCqm&cR1hh-D~6Ns0qW=62W^Gy)h$TUTMXD$M_+V?<#qR+~;D7Njiqo z&+nI#i8Y}8f%&X0uhIMGG7xiM8B~T4@z6UP@t2>Kp9O|e+PcHOjPmuujrOVvrxR^R zi*^f4Z!-pkk_n`w1v-h`Qn|@Qp?L2<7q&Y{Szja2z~D&-1nx&GzHrd+f{-wZE`TVU zfM8!ifLznx)j(NEco9c-mRW4uFh@x`*CrgM!4}STL$x+Rv!$T7t@Pu_w~}QqAy8a3 zc0bP*QqJ%s4JFm00;M7FzZLeqektMTkVfd8^5sRx?yjE%-H}J%0|8r2w{@a{92*y7 zdOD7h((*rE_NV0Mb9^)WY?NQPT|dJn!gw-b6h?FWF4IH2#v*E*51lp72+$-x%UN5D;=Iz)_Yfss zYeSV3x|L^~K4+O}2b?(VT1fL>0my(U;#Spm`q!RxKt!J4Ft@tfmb6EOCgt8^jSv@u zP`$_2<%W-GdPezrB+0Dx2ja6|zo8UB&c|m7v4jputU{&~SSlw=R|s^A-W6PXp5+jB zUD_ynp`WXg)NR|K&68`jxLI&!W-FLxHh4|5kSkeZ>hs!6=Nf|ucn>73rW)|p*1zud z_Lj5`8u%d8Y&w8uLf`x0c6!lu-gCmkiA%bA*QRfq$w<_h;8B|47{Cj6>gzS8

7N zGQX-YS_qTA)V2U{?aB$Sf4o;6!fnC@VyRy>bme|@NT`#q5+o%?>5r6qU<3MX2o<9P z(PHFU)>xAF4%=p0wC78f4+kE7Mgs23-M=lnTTMsWPZ_96Lr3n_Zc?F3k6Ejm`7>Q~ zQtD`vi<;>2N!_SOB*IRQy|0c_e!V3^2!iQ-Wk?2!ck5Tcm*#%4-+`6%U6mVi8Ne9( zOaL5!a`c<{GjjbMw)7`uJk@BteTv2$=rFyEBzx8g&6nFhxC8$3Wl|~iuX4j-I0|1TCbK(w#)6$&Vkm(^ z3M(4p1s57)&I!lk`AY9H(mg#bq$uMmC}QCsVzg8Y(t;P=FmeX_LD3T?}wQ6XR993&4i6GPA z0+8YHtA{3sqZghnd$%o{+RIvR|GR`v1p+zFE>Rh>xKc}@JN%B1!FvYyVFs9q5`5WNo5PA)gl*ZE^KN9-iK87%yLSK3S zg|^b_=4WQjF(AZ$p;wGA%K8cULS9hV?8c2>Kyal7GQO8D64zEOUMD|uvEfx1hErv+ zyoY)u>^JVFIHaT@-JWMYclczyxSbq?H6a4-V!gN~{7dL^p~KMFm<2;4wr5ZeUOn9^ z9IJ>v=4*=9I-=^1Q;PC@l<;cukv=DA3Au*xC#ssr{J#>*oTcTmvcmh@YXxI3x5E`( zH()e!wTfLwbA%P?xPi?z@79`slldGt&isthLktKw&3F&wloD+`CvkET*QQ8#fIMuOO#pJoa?Ae((sI&SF|3K>0#U8wbN`56VinF!Ca%_6g3Kz2_|f#z()XM2ZxH z#YQDZMXENfbT3CjoMzaxZm$CJ+X?l=KW9(_ir%1oWj=* z94&GL%IK;W?xO1TG_dHxN@Fnd#XTAZU0zp(x%A#|XD}7}DDYG1SZ`e?e(QcXTyJ@e z$luJk_^r-YNuvk_Na6{S?Ke+DG3}5bv5#6*B7-_KS?^=ocq#n|-O0xrfu3#5Cqw}T zUF=QIR9n))g?OFE+_v<`Q>8Q21wUh%_<_p3OXylh6Nl!=KWz>?NL z#CdXp7ypX1>Ql)6&1y4S%U@CjMJaSJ1=L3-X@U7fqC z=e4b^EtaJyGQHNV+?91&OUp*Qa>Kr{naqIiq=Y37;W1-L^3ua|BTcDah6E{G{#Qh| zZ8}um?s1;PhRNOdt^B4(~|pJ)@k5o5nm&M zZsk-k$riu${!1y3S}$S3v&7__h0Qt-c*I$7CF^Zi^u~{CTItMiS!+%LN5l1K*~x%_ z!wnkOieTVqk=VH%bAMu7;SrRF{GVv=tKw|9bQpEz+Mn9HF<;q-k(!=Q`65HarLFDc z148#wIv>b=S;sc$*$^G*YKBuh7&5+!7n+k zR||dQkO(%LvJGTH#XS9NS$*KqTWRY+A|{>K$9f^k+BQGD52rrttOg2Pw&2q-MlMRH z03`uaa57*F7~)XmmOTYI{h4YrEY5N35<*AM!qc@STDZQR&prodS`f;I`?8{8&nz z8!#7kF3r~|FL~BiJ<-p|tTGLz6_s_Ls&X!y*W6n?#QS97ULwaPnUuA(GjgF~P^waU zWmfa$z4uC_E^x-vzS^--+PuwC=Hq?l;}VT!$LW=rOFd_y0D-2ry=&h9iRt~m@@nYS zNquOw!Q`NwTNM1tT*#^A$l7-ldF&pjjrLbc0tpoxf}`fM`c2;Uw%H2dj}FX?X@0fKU|rER?CD%6cYIIKSff>Q`6s4fq~T4FCAy| zpL8-rd$4n{Izk!>U+&&?LZRaYU!VG4Ezg@MktAXQ!vvsyi*BqUeK~XLtX@!W{z;ub zmzv2dY*%wPjtD7|4heRip0ruV*}Dc|v*y-mveP*ms*g&zC&gyp!~#gR9q`?3KMUnrMhu*tr@*E#iEZ?08CkjF(@l*Y$m4_kx;!bbkll z(6TA~-8ISi<;q6XKDCK|{XMb$9VS!V&PqZ5PqKAk5gWx9-{~y0_v`WQ=-WpeUJ~XG zHTvx#sFx?U2czka_m3uBG25gEmwk0f0=B}{6$|W1x-)C~rxlakZHiX{BvNvi1jPjM zg9FMtRDz#dZoQ-q6PWcARdumLX#I4&>F>itvNPZ~t9VQ=Az8iZ%1$&#N_RhpJ(XN z>iRJM?N7oX+5`T#=6Lr}&lWfF3vS|4X|FxSEUWN~Rz~v)KsG#jOgXq^&3alzB&>6l zh8KTs-9Jm(aF|+lZtW>;UEA}6D@hbc^n)_91HdM)5EAIN^9)J^9T(2U>a)GpT1ZXE zpW4N`=NYq&gTV{+0=~*ta7G4L?>V+S0C~PlsogY{<$}g^E8EL72eljv0|+~=Dg!Dm zo4+3grEy`xjk5CcGA@pZ`avN$XtD)tcNO-tOP|8_aK8f4GDU^Un(@Z!DmzY4%?CYX z$uGQ6B_UV^h!{JW`EDhcs2ye6-F%a%KB8*$H5(?AK%mdKZOJ1~uWRvGuz8Bjf?909 zk4wM*Ky1IG&Y-=@p-^2yiv1ZZ%a|hL%+@|FJ9SG6h?9o z7wEpJx6f!A%Z$0~TW(bR?gUq0k>9rE+V^O1jIG3-F8n%LKX$0UX|5dOzEZ>D#x6_u z$4~@j)ju&|RoLjo?y{O)$s-j-N6fZbl^5E?YG_N6w$KNmTFQ3<{E2_ZW!-aAtQh*5 z1B#3>hAyiwVe6AV@n>x;hPl((Kt1Wb7*k)zCbW}gB@O9dz#$^8h_$#c`!U{@tuc{X zi8jk~YEJdOeHDG4@pgpl#`e1W%mdzp5nV>=LIYdOVc#Z=_kj-)zgoYHQA$g2mpFr{ z%L3lz5I#wc_%{^w+F6#?g*pAZGRro?y!!HAfOz7q<;D7lMHk-)*(^@fPTTzAXTnD7 zo;ae!xA7Bug{pH?ro`<0lQrsP>eX+l%E+E)Kw@tA47)0)LoOMHK+-HLuABh^W~t$v-5n;nO{?zgtp1m$=`Ots zaqHaN*K3k@An5FcEV(;(DQ%Ug=`#0K6@t#I6?U?}fmZ@kAo0P03vZsjQIW_Yb%Yxo+Gvkw0Y{{O`yDW@=={b zwu#O^w5GNOC=Ol925W&3F6c4UP%el zWx-;`jZ5p%nblf_jv{rxe8Ve;ku5L_(>mNtX3B0>eG6)__QF)aRBZJ4=%4NPqNwBZ zsY$=uD{X}xA?o8^_)F>MBo&fXZWT%C{?^fcDPw+BUr(4TyOe#7ql(_?O^*qM>> zRH6j@;jw(8sTyvY^UPjv8A>La&ApI_*C|U?GVSeO$KM3hU?aToC3jxlkYqp&$v2P} zqDY^Cm-p;wZ5xtkHh$i7xpTC4bpKRK>zRb)gjOw}sXkyZE%d*jBN~$Ohefi=-$kc$ z4+E}2!c1?4mSi#N!_sv6$H(n*H4*(Ig?*Q-s<&6}7*@^5Ne(9`e)yY{w~Mt`q8AuM z7q#XsntV5l3a@KGINlFd>CLC;4M%gb;fPu2QQ?}<%3E`CbMq6FI8TqFJqm6ei4MkO zJq_;4SNaBlf5NAFA1H9)OQpdpE*v{)a#pcw_d1sL*(_hem}aS8j7cI&w_1c^ocovT z6|ci+HT*~IB}M%GZ|4(Bsp|-%>(an-cjI$~oAmai%M@(pnZL(D)#-I|B-{~VZ+ zfN%DqFY}4`A0p9wUj451#eeW$g90OPdKmdyq`d@bgb8{T1hgIg{I%#m2E3$(ORiHLV;O zDAVy~yWyJ5dBBft9^F&-8!BB8fi=UBc{+b{Vy4|Y@z3nhMf-gsZC{ndSQ=HZMQxd2 zomg&ThRq?pO?B1ca6L+!B&tl$YdG)?Nz5x2{q@E?yAPd(#u0{+&jyZeK9NCj@T3+N zb70`JBJU!}IOPiea&SL7o(lC?o<`bOSWsRGkexUbXfuh<(TF-NK`53Q6l_DbXS3}u zC(|m$L*cp(w^=`&%Qt>$TTlw}my>RhEAU20KM!m@(4~0E!tnhx_HSn$jfxXL_m951 z3~tM1JVDp~k{h(D^VuaJxq9erQ=>4igKskz21ez*kGcukcU@F z30pTKG~C-W+!;*&H6b+UF8{oo|Ns<&O2M92&M}61+Ukj<@T3_x~WKRK77iwjD3wTG?>B zJnhO$Og}y%OdiPyL=Lt+XNv%--64<3$clkOP?+v(H2FEm!h0TIw&KC`Au^Kf<($&S zt!cIB99y+tI}T2|8bAHE9#k`w4Gs-0YPkG4TJ4;=btk7TYU);k^}^&rf4_tAVdjD<`&U0%nZiJn#_3`9R~ms327;`( z0i#kL02FqVW=>3+CoX?Ez7Q^lul*vgO>4Tx$ z669`NVaE$?TE=AJdsNCtk#4=ZgUVys9^p(BLJfzi8#JGRp-&X5V!u!Bo9#x&b(_VU zgqDia1$#P;yl_1dF>>vLox&SPp>Os!_^><5VADgG_e}vJ!%543NLb&jT+VIk@0ZW_ zbRMy&H(*o~h>vU8aE2b^%4u}8vt|F)dSIT~9Dsb*`H?Q4r*U27tTqxFs+q5|_Q~^A zE~7gQTadUU@d>`?)SRBNe?t=Z<)ILptJg zEL&_mDaY&F{vU+9H2uIR@P1UfN|^2`kj4rr#mJ<3}!C>^41~y$z_@tWspkt2v#lwZ|~g>Q{1%VcS8ZN;DqvHWjkdBuzez) zD+JX&oVS6#-lIwyL)Q&tHC^mMo4OiKA7CqWZuCrYVU@AJ&|Z6MnIj}Dl8IA27vz@f zG+r8=??pFSWPoF7TSH-RVG(qzjoyLSRIU|*8#!m;Oys9fHHgH%LFqDiE|<=%4%#E3 zJQQcBP~+EWcVom>hLrTeqY#3ASBRwgs*Dk#eLtOH5gi82p}eEGPwoQ#cMf72)&@Ogfr>58!lSyu8=*4EO$ zxTgzRk0?33-U+6_t=+HSP^PEV)CW!|CZZ&BTX)!1Nk9v@+s&k`>!a+fkYxVEU zSOT-od{L$~=l0~@Xjsdk-l?&%_kbM_&S94L8l0fBvnmCRC!)% z^^J!#UTPc1x#~K1v=R8P#ZOpxUuZcKfE6Yavo6IWtamx%&y8Tg*mHgAxl3tD29#x+ z%ONkX>OemXVCD38t}0*kTy5_)=#$W$hs6Tr#tVgW`%14TBsyySb&qQrzayEXaq=oC z@L%fj&h`qRDd7OKTv*7qBUUP4lKvMeG+NsWf|u_xce)4(Sv++dH*x=iY6~;MslTu~~fT@<~lrlY(92fql`!@5jpRCLr2I zPA-McKVV{FLg|Zad6)D1|6}Sb!>Vedb-fe?L@5Q429Z=ky1TojyQQQXDe01qMJ>9! zLqJNpySuyVynK7_>pJr%{DB$c9r29&v5M;1RwNDtzcAI&nMzDdEYG(jt!Xk?Paaz= zR{RiEI=t3%IWs(f1^E{qF}(I43Kk#Dfgh6Ah(UF87+zfQdeJ5F9R*M_mUiSMZ_j1_ z6YhPt+5-9`v+1i`zuN4jEy^$5oU*|^L6WsP=L?m`ypi*R*~kmQ`hJxh)b_z=foK;+ zMYPVZuL!0i;U`L7U!tGSak*Nw&AIoWdMua=ylRthbp(XVu`f008m!|}DodZW>zK|e zJ#TU*5u{xqHNEw`GLruz*NNdq6$BJUPXnvf7{J@E(%T|CpKNAB?qCu*kC!J|M z+UEC;BV`3XN$_++-(W%O`*=tr$Zl!)MJPfQ;VcwW&vx)PUT~Vw`pJXU;i}kJ^zW9+ zQDRm@6e&}L7Jd02qmUfmV9ScnR0Gc3yW4mR)77Y!;Leffl?z1K>hl4ET|F@Sl0V5Z*E)M|%!p5+!;yw|}bAf4Z~GM3Nlt{?u_76gbG7 zfNu;ZlD2a7Um?9BO1{w=#{*3Tt~*ZH7j4YOy(Gf)uT(%JL7Q)l@fX?ZR_?<*ve#$p zHRVrl_rFm$40Z$dqVx9KaOh-uK{8A-mNSTu=*AVY z3fy!_u+mA=Tyi5DD*@g+@T6cNT_WExO{3Bxk3I04QO;7mwg2$2TpK>cYrpAAcTzZO z%9(|^9kzto6e@elh`=5udU|#OMM?1zn->s@m_3xxt3v40ws~KRSJmiU@p$I4e)X@1>c+!d;w-t=IXy*p z^SSGLiV7;SpYMOS|+o2Hy7$N&GC^DlY>DO zoIh~9hDWL#pcf$&U6U_Y3&0IO17($99XVgBu{@i`pAzkNj62oW6$^S;WR{KsqTrB; z%v@OZafyga6Nc8`CtoI=6Ee6uL8Ye7FB9f(yc9_$>5ygaw;t4(^Pj?pOJs>lgd@&A zx&76PdMK4}Z^h*!2F4DJ)i}IyUE7Q7o7Zou;c_VzS)cE8A+r>|Dzsh$WWiKaMfT?z zz!Cf+L^0at|mmfHo>z&!?wgsmzOn!(IIR2)P}0^Tsc=DlOodQ4O2bowPb1Ae0zj$E$i~} zitaS>{|#T&;*G}2PyG}63dYl0uW)h^$f09E7rO9)-Og^1Ytfn}&+dg_u(vR6Qzgs( zVW3}_O=u1jr#aGl*~123W>u=W*_4e%xU*mL-LO zm{!(wwVTRTqRIds$2)`>8Joxk$?~`VwZ?-S0cnjJPj!_OmCE6N>-~f zIgWSFah-DG?qADrPOPVjK0s;zR$fOg30LW+fLp-ZG~7HJB(qj*lX-m5tl7LHe8A{& zN;%fq&?Zyh{@3Q4#&fz?-ncI!zCPcP_?k{q6-NZ_fPb4%FDYjtfT(G+ms!sBlyt>-w3l?u2b>de*d$o$Oe|x%^kVZY@kqy5Zq}RkXp7 z2m<+)aS{`8y8JskJKrgEBtPQf;1m@Vk$#mFds8G$L1{L32!;Tms9@)CpBNy&pODmy zid9=Tn2*!1km|gMSr|VZ_9*m=>Irqx`TC{pAnD@r+o2J8F)4GWeSKyUQM4DIbhkTVxadAP-oB7w>y%l&rxEJA% z`zfGn)vY?M@As@8y)}b_p1P!EM31ad{)n7SQi#?%HT5HaMnfYaCB{R+e$3OMQHO_v z)5C%47l!dAk)9NrZiJ3bXZ2L^Di;Qu$0o$Qag(*qPvuR-Pc8`DrX=}C`0WOX_>d);m{7*t^5GPL9(YtF+P!SPHdY1bVk2VAe2sS#r z&>$4yph+Zc90BHLQ_#hG^<5Zg_(-ESS`jA++5C@e2y=3f?jceh?+0ww6*2Q78j>+LIWqOYBpCy6uH}Y8XKl< zWohZaFOtOaIQI&V(&=ocz-p?|nH-^ysbV=z8}e$Mo|V-c@D3^^;2>jfl!C$RB6;}; z%%R5rk4H03YEM^njh=*227_08K0flFL5#EKnBQx{V-hq7()hxRB?zI=pTk&$*S0y& zf47O;sADjym8~^NZ-E*=%?KDj3Fm^yXxfOo*Yj<@8=8#~%Ez*R>7j;CMD5r?3QkM$ z>4y2eWm-Q}9Rz15=yVEx&yZ8RJK4Uv=_6efzi98bgno4#PSky@{QSs8w>GCK^32Tp z5vH1oMFd4AXhWaplRW;X@N?dKN;135!JuGTGP@U^2IT()Vz4mCelrZjA1bn*fJ21% zli%;TZSP|}DR?EuppIW}4`YDWjBGDPyaxc2OpMz8-57wbD)QuGv%haRcfHOTF58gD zx1wRfZ&2=152j^I`@rrYDi`_4 z#qoeAEKe?*W%zlW+mWCU3DZHJ(!40b*A}P9=}=>=#nQ2?&OF@$2JlXdz1YfPCP2e++D=NyScK`61f|BL~jc-F+Aq;mMFNT28 zgW<18o8C*kVc~o{#qrz{tDoSnO)I8&dPi=Pm*k{|%0_JPf{Q-c|FQ34>RBCO?|g$n zJpCgw-8=WmGT}_K_EX9N+uauYPdy5!|CuJ>QtB{TO}K$5m}|OI=CSY_)T5Gdo*&uP zGT=OMo1^osGvSi3ifM{RB5_Jb0st6(j0B2tQLv{VjznNe5qoiKcj8EIsx5b$@R?f| zk}stToa4qy_&?*%J1+95j^+zFTz`a<1(W;+i&=?P&(E^a;kfMbOkPB-7HKArisDGP zfPwS`9@<%IHCW1RaQ&r3il3vjDT}l_hGfrbzl+fKaO6;7c*v4wji*rf={fL)A)JNK z$py=>je3|qPOql>nlQ~%BF?LI)i4y3us#q&Octl1utluR{E7~wwH{eeVx_0k?nx%s2A zPY$x`d*tp2B^n*fMJ4}~;C>PI+5hR)5>vuuw_*3IXTHC4E0X2#aV>e;81WRz;|)Lw zmBs#FFQVM{J5^iDw4|OfKV~J(H}ybFk-;!PasJ~QyHc_5 zQ}!(kfjCjvjV&w~0f?J2)0mer^{>#zGd%m|RNMRR-yG(G>u3M%fh?S~wr2T)?*sy2 zl6eO856(rz5ajCqE?dI4!{%`jn9rA>C?}>AX(NYy$>jJ6*WXB9R;-omWmd{!#KNCy z3`T7wi0rB&NaP@L)yA$n_0pMdng3;2)7A|R&Uq#l2 z2u?h@m3P#A0_~oGqa)E3*N3d*mO&0$L2`wcFkKzezj{wXv+lD_Tm(R6uLFQIlgJ!> zn0kvblZ*wz7|JqWL5Riy0~o+&`p+?m1Pvg#z{UCxlljEPN2J5%U!Asol=%2__UvI3 zEO0Q)F5u_w_AVHAFDGASUC7vvsNN=>*}RgZQlg)!J=RVZ7si1QAtB#NV6X#!yGqd07M)&KNo-9Sw(~ zpyB`6b6x#-x*rhhT-_{hMlGZ;{f407>hOYx z@MWRpCu`rkxj`oH|B;Y2BJk%rfMf##v6s}vIo~>{H=@RL(_pu*KRFGA%fm{X|6yTv zr*KI=3GkG>Rq|-2{rJjQh?>tLv(knIP`SjJNFYjHL+EB;E3aXHuVT?`JtJRuwz`S& z;nI1Nnn^JyGP11z7dVcniHI~XF)?i7LU}z==c`{Do z`8| zs(96-l!cbZu8o^1efHPhrUM(PS+pb8x{0PmyM$HTFOTe&-3+N|h9?d4R@dHIjxC1$ zHSVAQqy%q!aAwn@74gh>g&%0 zlkV_u7u_x1s{%*W$9?=j{ruDi|25|mv$QZlmO=^mJR3PblB(dXC8w_%)3={rg#HiJ z?Z6zJ`RSGZ$^PF*1YK! zWZWQxStM8P_5xqjjfb$>2IOj7(p#bftoqFg%efjRL@HYC?aMxKp`oD;Cp{H~MbwYG z(2{*{_H_n+jpb2^h<-y-JK5Bl1?2k`2(FJENAS3Jxb3c+@2Xqfnw_&_N#|^lN$!u! zC&fC)-nsRqSw}n8mo=XDeA6WTzVoX2vb{3BZ-D?>wi=#_{SzQ7*rb}%gv{Ix9jUBR z{(aSL6HDk#;^6%KK!Etp3Fr0nu=|B=|NUK?uL9ZX{UNmGB~{0ztXWg0m6gXV0aE16 zn?5$b!O+nh$0rZ9-EFoV-@vw^vq%&?=UK!n)uw8fHsOpg!N;Qu#axQGrrD^?hi4)e zxAXUJmRN*9(+)u4#qqJjW)GT)XYp~xG-U7@lZQv5Kj2tQhcE+6Er=pp%m+tm*HmJE z+l4qJyltW^7qK9lZ6|Q+i5gOB>glXrH7P$w9|plV6!)=%z;zE{z#fuI#-hPyeyA#L zPcoK0sWp43ShT&rU-5+8!T{W6a~++b1Y;|!zE@0v-onPoa&tex@}fIe8S1dr=>`;! zjug4Hm(pC|djivUmx0nq?b1KEecc3yP1KTfe`m2BZ|>)3+Z?8#^%h^2F6Krt=m+&S zzHP0p17;G=w;`C}J@j)QI%`hZS#R{wxLDiKB7tqw!s_JnY{Fion>CO5F1N$Y8c>Hw z)5rB5Rv!&cT3xrz1OJMimQ${lxy!*vZpj7_)rCi7>{E$Ni!|=Yoev4U89cV`%p0CX z4Z?*@i?@#~YdY?WS>uqe1x!#}qy#GaoCzMzd%1f40kw30%Upcp$VrQn!O$zQ{je+^1abU3##EhW&bt2aGJpt8>B%k3B-SZT+ara|GP6 zd$HelzY(~q@_ciHj7DaFfya&%j9hzjZ57`01KHH8v@b|2>lLA)Cv)tnZJ9E+Ekmk^ zfY0LQUocEo_StNn)`jykVKR9n?*{S-r6T8!{SqPmOE);OAW5PBz?Fy6%vNt8x!RW9 zTeBsEH94pl3$V=RT-u)JxeOF;XTyG@7X9Aa1LxvH^q$6xKgfxy&P8ieh?}AD3+wRN z6Eq2$Wrl#lM@1P>xq(vf+PC;Aj;CcdUsNGL^M&6%Ez}&kOmcv*JZSe^7&KS*8COQw zWE|0~^ojU|A$Jr8pq(z45fPUEAQ>B{HN)VcshcioCR=bMTP`oBy>ersliMu=JouW{ zsdL`nX;gVsTilL2QBb{^;fs;sB=DH8uBtK$?Zw|XQs%^N881JcnTY#^m+o)Ct8-U! z>=1#hijRuX)^ZYh>RIgiVMolzDyzugPq#X{@!sFsyH?B+H@=#^f6Cj$nPYbFgb4-i z=6xJ(j}@P`PJy`ywc?U!Wl5$x5kxNL-XrHUqov{~A@*BU9h0~PaJ@3~Zqpxu4fO90W{UaT+A7l*6FJz(!j0jeuVHW+(?g)Ev zEpryeDRqCOIV{4I65BY{;J+E=iqufqOYBy_en&yxVXKw zl3dlELNsIKE&D(A{$9j#XF1~9)wGnh$h2FAZ-@8%N{}$)s@wJWvVU&dg9ZT^NfOfbyPG@w?_ z;=MwI=#mIV=D!B3s#6#Hv}~T=*zKaR>Euhh_5-yio5sU6>ZM}7V|)brkWEefbq^rd z0lDw(=*Im-&48`t=U*FDwwnd3O3_cn2Wm!`f}sE!or){lkLzLI_QUYR7>aiW@xNPhX4G~TG#`vF_&YSh7fdaxrk zR57_1_Pvm1?gsDaBnOP!pIrpEShq8i&8B|xLt8W7d7_p3a}}S;&Z42x;hbVkvqR@z z8Dt7_B~+Wwm)!=wVRz4k{88|2sopgmwOt&qtCub*k{`j+BA<&SD8B3|iq4$Hd@CPe z)*FlO@Ng}Ggo1Bcr{!XLc(rJp{FUcxpKUQJ3W{GmoJD%Zr`)eiuI?r#f2SRUMP9jn zjK_U1OIp-dDq_@4a$mzMpjJy^pD;s)Ne6tt#LdHDl|_OSGw@Z^E-fUs{!8-6)3)y1 zMwa0>2expv6!=A>ot?y+_DS?v_HJ&?5dHZru{{#Y#?kzd1$=l(NdfnkNAg#I;YP)2 z9xZ+W2gx72`4&F2spVE-t`uq`*Da>x1GHp$)kdv$pT{Oh;4WqdTZ|fRy(&WMI?S2dwC@)K9?Z!rk?coX!L^5(ni8|nNp zMp=#9ZmrSH3Butc!QjU%J!8w(krfe{bwV7VtzA(bJO*XT$ORW2-QNop;U3<}(u!gq z?FM%C;9Y@<0Cirb<}q1=}% z9!Zi1E+lsUW#ZsQTw^{tZ|zxA;b_{AyB1kbBR_`_DWvPdWIRqT_f~=z4IQr7;L2l) z%Su@GDx8j==X@>0<(1zu0i>o^H!s-Su7D436&qhFf76B94(Fcwf=zyfq?vhx)ne;0 zBznX3X8Y9bu*6jHWgh4%a~HJ<*V`4KW4>h{xj9l+IvFUDWkd-n?h`%-Vy55@coWI+ zS8^)6>CfD?LPD?o!y4&p1RPICH&K-g=+I|S&J!j;c`79}-HJ*3h-S3I>=##Q0i&Or zq~WlOCO})gMapHmvkU;;KqenraR959L&U9HI4xts?vLT(lkA9wx%ZcRVCkz0j{1pt8d@@83ruOOLq7ZOK2Dje}w{L zn(oBvh#?@h_D@cWxt(G#maZ`D9XNB}qceGfhwOq)k2}^d`3g6EtdUR5U5lKhKv5`R zY}4_Ch2Le00{ei-+*e*y*`gPvI6%7t&(TfZra|#29&o9_O-gLmNIm_`}^w_PTVN82_u|LbB)zPKSCHf5C>dzLK^@JfrG%_AsZ+dbQeE3)R2BY(- zkL5hKrZ1foOYmZ({Ms-6jMe214Ezpl6FFG0bHR(UI{{Vg&D(?>TMBqm4_vqcO##W;NS|#)ErC#W#&z7sAHnVg3d$*i@Vz;C)mbSK0U*0*vtwK#%Gwd^R$_F zvQUZB_y$3e7X=y!7{@_vM{)g5lkzKIp>`&XG#1|0F6_xWg@_qdXc;}nG6-s2q^)ES z3XWTv(qT{iy_Wmg7LL_MrGUBXUTiSD;3tdmM&-L#6C`6931C-1mw1Noq2rQ0=| zb331Ls(Yu?R=2Asa6d4$ne^ZIaWQR$UlPKIUWpu%SXKz1L_+c-zbEYr2A(*oQ>K;c zLG76}!alF83sN~S7QLDKeIsdCfS2W+(6fXWI!8Wvbd>uJQNqI`)4$D3{L-yJ;{2vj zjt-D8m5=A8(h3_%vAtYISm^Yu2zG1Y7C2)kg2gwZjdsnxSJ$M_bN!gsJD28zH5@k2 zg7h_k_1H0{KXounnd$nXc{LJwKOh!li`dLCQm#0>^K}O*#``nm+v)Y!|1~fmMD!SB zYMxQk#r<_w3R_0!YM{XKzkt~q2UG1EF+@|xQ9tQ{#k#hmT_3>+5N=b}g z98mRnvC|)$+uW((8?;G51;&W_LF>p)k_Ozo+(^zLAtBlBDA{fJ)1#ji(}Ku&*(e~B zV`I_G0~UV{KmvtCOj^*QdqR0NK9$Ry>Cz}y`aBFbm(l)ayMDO*m5dhAI*;}!5NdyX66fXxq9a`T(Va%)g(~^bNHO7e^msmYRy#knz|p0e2CP()p+~?Yv$!}5|GaQ zMb9CS!dv}Hym(67+k~OesL_C_{eZ|6F|QeAlc}wnT}uh!G?bElc8p3F#zpvAWac45z;`kvbebuFXLL%duNHDj?0Zaf@9bhvW-c&lr-k zwRNacuyE~>qQ~@5AbppnVdFPFx0rKq5sw#_oC48c{8XR-fFK0IL%WI$x7eV$UFPHR zr2)yUNUf36*&GjX$%FeeD&t93iGk2BEAz0jT+|aJEImYlO(p(d9g=gNwu18baN=<* z<9Q!{&*SM7*yKvtq>|x;G=WFC+8XGGKRsUibbvSz)L;GfQorUQz*fISzQKYd3Y5}s&r z@8Oaw+N8X*mJjwe2iHnB6Gv9g6%74;j9vrf7)dd#n`)tE?E@a!n@8 z-)Vw41y2NR6MnpWyst^m)+}4myItjZsFfmX6XxCjOlEGkoz-i~;^i%A=X(6hWq|#= z+|n7i(=Tlm$3^*wX_W-z?TKn`B5+Yoz{c*;+AsGxB#DK5p+v3pkM~6q_nJYak-fO= zZG`%$RGDYR{us$izGUR9eN@D$VC_XmD-CWTIPg- z)-p6yY882Mez0XMEA$)7zd473K-^DK@b>bGq=L6p;}=O9t+bE&uk@?V@vBcxdscH? z9e`7=-xK1lY1VeJI4l{%jLJ8xAO2-pW#9a15z%Sfr&!~_XVW&G%s)8Go}Qp$f6OJE zjg#3e?!`$`)5P$MIU%=W$~hT|hubcB1JLn%2!uhW*dz~{x}u0PolZ_#+)vqV7d@|a zlV%poa;3{u`mi%$F#WrerB)x%i#7jD?q~a+>-u+0a2sQZMx<7T$NVFkNy9Cfmf9uk zb@puH-?Y-m)Ev~m=Jy36`@4bZDo7A6_q0K7PDitzSoPl9bcKdJ*z5atUKgp#J+N_2 zed~B}&b|x$pz^cfV-gVd=33^3b7?fc3G}LXA>b5*rsz9%_SkT3ZnAvB-F3+;J77DM zVA2D9irmV6+>v%LN>XiN<|3+CdDr94>BvLtkTEG{2FtYt@| zo>KvCKh*X2I|3wubXaUG8TnPzAvY2+C18i+Tg=yw=6S5G|4L!J2l=Y>3(?=YBz~Si zYdQ6l?X;lcvl{`xMzw|dPV%K75HYdXWm3twNGkdpkQO#E8;aLnF!bEh9NrrCH7arb zw6WnxzBqU^_V8#RMy(c!PV)X78k%R(Py0vS0t~x>jv7GMP=PyZzS`u_kV#QdKPW1r zYt4TY*8t^&VirQXyjMpeXK|YC>b%h2;}WXk%0O-mvqD z7CiZgzJ8zr==baQP0~(Vmo#c7Esn?A!0RQ&&?=Q@Rd9%cODDSUXLP%VRPxMtFQD?d|3XXB3; zQ*r^@UZ>Li*vvLLql`Rmm+Hyl{JLNsb>P;8_jCe6OXc#wi;=Nxo02b@5!u39UDVCnpd0V2!{)_QuG1eRPkidts?2Ad9 zkF~8)&u)jbQmwu9%A}wne$giP&C9SS+eOTI%ja-3`n zO$3g;tPQKc;i4&L(rj4!u0xwO9TrSe-))wVkKLcj<9Sz4g}V<}#BLgOc-RC`>$Hx9 z!J%Ay`~jLc*KIL;X{XNb^DhKAke*Q%Dj>3K!K{^vgZPj>xnGUtU8L7(R+|f}D}ONg z*jwam%7s-wSHDOtVMI=ow0FwmIU1BME(XNWNG!loN>vwi!nEGCMB>8jkai=%t!?K|NXi7yuP4=e+ddw0t5WV;ed@y!%c}e5wR>>@$(|+;y;U~QP293Kr z+|xnKj8pE!sWrqoJEI0Qa|VDbRb%5MkkzsiXJ%(-|E(SPTk8;vVr5StPly$ZDZ>+u1vwkxV2Q> zF_QmPEF8S=l-w+z8X9)g+O1-G{rQp|4kG(DL6_uwrP#+6qyff`Zx?$3_?&=hrj%w{ zAtGD-;$h8>t4j5yottI=zaW^-do)b6mtT?&%*eJ@4uSDx zT6811ZUdYP&S6UGZF5FcRbp3XL%yS@OmE9Z*xtKIkI{98#djZ3Z8LClNsw^Q&)0cc z(n^OtZ>>CcG-BgCeIT?}?GWHNUPY_D1+)=lqqLrNu6Hg#aEwHeNBl5R#9?uL;)pRv zq)kk!L?_?fQ)H9ryf+*729J_8vosQyNY0StP~XnpJ_I3ij&5WuuLCNP!ddA@g=s;) zAg+>c!$gNx{8q@w6*n=rRU%d3#*Gq-Wr?_F@p%s&!Ynaa*Hqvi^%F;PDmRS&!Op(4 zNPb~ZLOZO9TD3ldN#39gTLV|7%|oz|-`QR`^T_H@IQR;m(hcL~!rfL9_`?Jmx=Or$uOJg(K6Tk}nLj%Ds%`uVT42SiNNO%~ZcL11Siq&T z$qshq7a^x2O5f>E;hJ^k0xm<)AZgc&y&s+9zXKItC5ldUXB`a=E;MxK*(i25PRI~_ zI&YU){LRvb5z8;K=-f2jEi8y`Ct&2FdZd%I3CBw!UDvjzl#YjL zxmvW?veDD8D6-oWpkng3l3B%&9Il!<&l#$L7N7BvJe)Su)wp{sHAewbyYP!piJtke zwWkqkfB($;_LpHlHO{7;_EhRP#HH-6oyH28%IPMy@A2WR4TdTL77!~2#*dCFUCb>pFegVR~Z9td<*C}5*$FBmJ! z#X^1@^vr&m0o42UnpN~?0^rU?B|aYNeK&CE)~#GvJCy;9uz1}85MH@NOKb`;>K`&H z>F4$r-&o|)OdcQFS3L__5C7{4i4fBl;NkP6m^H5}(~i*R)kiM6Umo(Ty?`PW75mO) zlqTXzk6sj5P-$6rHT4A1>+27j$%gl2SxBV+TV9UzhKunVsh*sgiZ4Shr`Dr4X|Qc) zwHzS|?U#EhXx0+RQ;G8%-ENsdOMVwHF^#@IMG z4&EY2q{JCCkAnI712)zJJv`>T&R6&hpG;V>pNb)3q_JR`mP?C^+qkVIb(^HYxf8;N zVQJT^MF%6_u+A?YALA7dptmYtjJUXZ7OF5phQpkuZvCLl;wS{1@vKDShZ?Co03(=B z=m_1GKaCGLKPto0a?GDqoH4B6NVX37_BF;?&Y7PNPQ%wpd zrLB5JAt2Pr|F@th<0}m};ucD;)Vleof2f_dMltBRe3@{2pAl(f7YFZ4>W%TKu}s$>FwK&;4{3*F$|ri@=E6n=O!eLFS9 zTMqZU&-jIU8zRXE%^^c!hTp=rqZ%y_ElgI9_UG#3O7lwd<6Mt~1zRZxU|x9utRk-` zVQ?adqi;TWd@^tRd!z1e^^eqUZBNU0D541{Ndwk=FOPNxvpsmLTDk7 zxfX5tTw{P6`=#&FkH-23M{LHARA_e0JNsPgY$)|O=?!wpQw_M&k7OAq{zJno&Bs`z z*N1tETE(?`MQ&HRsZ@oR?-qu2iFnbuk!*)w{k78R8CY0H94%|FoM$H|R+Qh-C7BRh zN9BY0AcW`dPMp+8+O&pyC+|TQ(b&5It*7gDT3GkG{TpPH`Pt&@>>n9s85s#h`XN2S zZ=Y>e7!T&1KX2Xi^6GmhN@Bohr4`J`0^5~!KXE8*2g43|P0fT4`EPf>8R}{5He8-n z+S6b4^iWm}tjIe`|1En}{~;Z2wUgraXZkC<{$H?s4lcPHPz|d2j{AQvr?BjZ-m`mxNl*O|i*%cyN6T3DfWU0YSc5G6b9Al0TJ$s8? zH~#X=8Qa?i2%m2C4bIO0*34;Vr{ubbtq_*;kjak|*RfhJ{cJq$#68(avdV{q;Xh|o zud$3_`aWU6iSjH-`)&p6+7-@@?NekU)=xUIbFytW@e-B9O|ZvS4p{0q0-0l$rt=W@=r z_;C7sQv2}Q!`F1OL}q<1fn1yLv8c}z<61ZDbma{V=8QtupcsvVAja?d-Hfn5UNDAt zch7neO1f%vv>aKg|311^_>EQg}UUg@Ve^e*HP<6MzIBxu+om79|mKp%Ae_kjA z%aSo$FRo8`-gBFTMxcky(h=Sv7-e|#4|U5p!b&{vwTM3kz55kPK@&@}f5ue|W_X$w zFTK$|@bl4l6H-%4jf}6i2)8b*cfW#$&IO$x&wUVAt@95V_M+-8k9du*4EH5iP?yh< z#KK^$ai;p(Z+{u2_~XpS`h>S81FfPHlJdv3j{Ov!0Hn0smtadZ<`X8+6?Tpz@DHfK zsLXwb(4PzS_n*saYm--1F?n6qZE5&IhOe$_5C5beIQUw>^%lWUsJZJmzvmStr#74l zK=PgsS@HIQm7}*XhY8LcU5j1Q${a@3prC$=I%XIhRjxIeAz&<@=f)LIOi2;9XO^E2 z&5nxe5%MtOHMrB+c{TV*c3k8rv!b&h^H!bh5rGkL53G(dP&vVt{SUy36847=vX>+g zK9C{6bc{t$Yjp?SV;7!daK1KZWFvzG#9s_h_lUY-aH3k;x#)InwzD}|sR+xIFJjO* z>G`_F{8J&&(7s`Yxwz13DH(ef0H%&zKH zLwlI^R-3;69|;=#FgpCrN=X-CGK13=f-os^!p6fbVGO@;$Bm0{X{YdvMDmXxGp0uU za;}Eaj2mfVme2>hJ?Hl){xGb(Lq|uy_V=6{?~+3#OkYK>7a(xvxP!cXeuVgey5;YV z!Cy}mGODLevBAD&rSmCMe!JY<(ju4L@w*0Gbac77bbWsm1bh2_1$>Bd$wBP>?V>^r zAb`sa^IIeiL3YS^w8zmNw#hK)1z-Zn%W#g*NX64=oq3o5k!1ZfZc6l#;q} zNk+i|E|ed!fAJpC%vOhJKchGZnr4I$rzqqMw<6$%?uavTMZN!6?jLG5`O#j}k!OUM#6C5Xi#hZLmoM}0vxBqR?gVn7 z_jCKM+~}W1@IBDT+H?-z_#X8i%r_`?!^ahTD;b!%CeP)$ALUVsdoms?ra?csp4;T! zy#C-DN+*MOy=5s}Yk8P)2Aschug9U$jJ|$ntWJBOEDQ0RNgph`?h&b<9F2FXW(dQH zFcui*N>Xv5A!n=hlO%nqDgNiXll~7WY?uuU5%Vo;Xw2T~Zt&R-P3~08x+JxxVikf} zP1*AGNoIQIE`i`fhxgb67^#;zKMtJ!rh$ix9)pWFx`h%Ps_JoQig|Finx*}6YP?+Pz8FpA z)?8NBbN{%Z*7!?4>Pe&kJX#Q=Fd@^&e@H^UawO7rpsS=b3Sn{4#PyE=97o0Ukx&SYmC=l z>b7!(b)i6GYI%va7$h>d1cY4el~x|#;DKkl{#VO7h!A!781Y#qt4h8Q!sfcq@?c|ZV##_&Y{7QdS>=blg{qFWl;2d_^Un}_qR zydJkTwDi(&ns9a>dKSLEvc6r9D>=tk&bTV`%tq8+yHQ;!L!>4y^)l7_a}KiUN?C+h ztc=oRZg=IEFZbr2i&*lJnB)5Y5+1V{IIw8dapk5K^fN-mS-v&<%8obPE==e#MQ%Kp zBC%k6Xr?G9N4dY>PxVF-k=@CcMi`O6nUD1q5;}VZ=hlpuqc-~Vt-|gLrF#*DXP@qb zgQH}YYt-*txjmxRTh@Ypb(->(vT&U#2}8=rB-hb+*Rn5jZ9K1h}|q}EbR=TZ@OFF8A97h1IRn%Ca{ z`tWuPYNcsS6pK0P>O~PzC_;67Te;=s{4+BdT+U2>M8)KJALXwabT#O#F%)iebh0&C z3`diX`3}=C$r4klUk2{AeiU1Xee+&w)?4_>YGwhS(jBV8&htZ--JSKTWHv(R8C|`0 z=DyLZ*KI-|LMt!h`-Y)q@;RpK@sks?#B1A$@{?x_4-c>H-{0T&prLIn76kuB!FyKE z@e&!YNTrNl{8jzi^|u?>Cqk$6{4B)$n<{8Mjk`{+P1v{(Ud%NhIBjOh%n}%<|)>;nia6f}|D{xmSu-8bnJX662%YucDifhXnRZ#$_+rvVS&eVX}4NWVCzx^ZNU9*{`9T{L_2+$M%qqKF(y zObwkQc##AMEK%UT_>IQO&kK<9SJo#t<%SC#DTp74Ykj*0{ZNEz?zOwJj9HyZ*JEQW zuxrjkLL_9jtfP_JgzNhBqwnkt|9zt=sY5#z0-q61a-O?^^@U5)Wi2vs&1Vsas3Z6D zzOLcvrQtl-g#8>dd%PJe zyKgiLZ4nR8&Y`hhUSnmxT;{&#ujl<%AoIa9v+84{&s!|fGTItppWmU&eb__RbfSl~ z=`K-Z|99s-4rR+f%h7ABZQ1!g!w>z$HV_hnS^hH0fb5*Lf#>FIy*yLbb7itg>$8UM zHX@C&fXMGFSN7xfMZ1->>T^i_f3P_micO z(1YqVOm>_PAEJeVH%?u7(ASA<8(P!kemuo0KXw)3ppl^|K`KE;eL}lZ6ZYw1Y$@rb@gC0^p~p(e9#t> z_wV6EzQ(efw2HU-7*h!`&_nl(821tJvz`n0+mD}2e^>4`=BXA|+o^Djjokj*x;>Q? z2-`m-4HF$y)rGCmL9Z|W_WYeFmT2=nlFIu$J|Jn^x=^8?a`|{Pq#6ioG9K)uehckF zLGYZ%o%z5Tl*C{>&<)0Lq*l$>+4T#fqcBS=E2}tUT;}eZ^WF8C?~eqZ zbcVFtjyu-w%;x9k%{)%a91pdauKYH~4zd1=CQkuH3M@DM+PvQ~ue6-Up(OqCmgr+f z?Ff_y?R^>6vI6H+JNH(j_fOOZ8iTE^A>smFJWXBYLY0rVmn|$DR!xDo(z&}T4viZf z*v$2JCskC9W8+NPTAuEnx#=V+FB;CaWbtFY0s|@Qu2w8x`Q$aAGcu0Nrf|5|oxwpH z1Pkrao^jR;SgE|J@I=;`|AZ;uu}7cRZar*8>+dh3M1+t|V!m5dTt-hk)QcQZcAm1|%gB zTqLUxguwACRU%vdGVA1cD!qcu-u}kP*lqCO>m*TO1uzJ<--cf%-k(sniUG#&xz?d^ zR_?p%DWiQ|15l1pey%6etM#%j0tsA%(*&z0c5JHhV9aYymW}0D^^B0)|9b{c$V`-2b=+$2^%L*b>plH`xYptkA$y^HBaQ6AA>+};ax3S_fYZSH#|Lg_jTJEGl z=q^4xzj4-{ihzRnUOGE(7qJ}*K)r;1-y~|0oDWS)CuTsiUiRyC^QYN=25WBinEVrY zoBflRgzCMk?a!?^0lbDcC~D9@@bL2Fdf?5IE@ZKwO7=P6%hG$eb6|5W*M6BRd8Ed{ z@%kO>3Y%2GKR;K05~?qt%O#!z`w{36D41oUtM1eN|ERj^K)Tu!}PQx zhv|vwnwjS4ZetE+VmhYVrkjb4>F)0C_CEH$-|z4Joj*AK!sk5C9oKzb*9~Jb;1aUh zf(1NKS=?irvHi+Y?D_0~xu@@Gg>gUX*17v6I?n4Q(c#BWWp9Pt$>WSj`@FQiE42>K z&861Q4i7)g0!DHuzqWD|l7I8xHaGhmlr0xER5IDlLzbGxd1=O+68aPl`h!>}`YE=1 zw1jB!nSS7BHJEh_*VCF1R_ZqOHhxObnbJzwGJ7d@MvWX!;dQcy9COUWq%yF3*2EPhB8Ja^G+AkvWyzaFzWODw%KJzf?E~7 z*2^T^`hGFY0O|+65SU?EFdVnH*{av}p&xXw{z$C6t^4){b;J~~8-poN=}KrzeOaaB zQQbw6t1`u7e>HmU(fKR8%_gT~2XK!TH!x1T{Pi3bus>wu<)F#hcn&@2V3*Eowl~2U z*_bNrX$19I$4Wa})vlD1zJ4kX>#j7===Lu_wn(7_{{FODoqgLNh`QTqWf_$|?#k`6 zgWuq`zFZH0-P8;JjZnZs2gimb~X;*u70Yy zzEwFEAvcW6b2)1B5V2322SU1XNa6MFmBZ5ohQpGa9BJ#ui+2-s&Lzv}VowBb2c#)u zPEVbvIqSy~d2QaU|4lUD%X{qedH=SQGhS|P;H_ry?c6Wf_lqGd4NWL1!O7X_Ta@pN z*MBNCt8)6=<#uQl)XJ+iIk`Ed&r}?;1 z&kert$dg(-)RY`l(OI7Q^d@kxdjA+gNUny?gXKEPf7X1FP>1Pmd0K8JxyN*9m-U@h z!>)495RkW$jGz1%y*+j)zEsI!g_cF;~jWcVM8*M7fD| zxym_rV>5w)Acb9_@l!Ed@2-@SbviA~Tuig`_F|C-Mn9Nrg3JHG%1TA|ZTTPn(HSd8 z?=sX8gZ9v#Vs_14cD8titNM2sq}73NdWM`&3(uH@S#ThhCfc#n6c*?shFTMKXXF*v z21!Ehv!5Ne)afc!$+dDmn&Kq401a?@vH$lvJnOkS-jie`-((#>_H}!|W;{KSRqiu| z=d)87R=H{=iom!(5bc8(rJ(8K7uFJZtM*4&9&a&aI4`r#Z0t2%dih89s_g-m7z8`!c z|8n>Hjc%3f-@u7E-vh=_&uszVyF4_|W(|X>WgLD~^nmKpST1unonDPEFvg$k)TDYo z{ZuRgVy69BB14u^{|aN_n)vv8fZ@jKP~|#q{XP`Vl%1XdOZAEkGc8IQ)E!wa!K$Lq zVrl^2yJ=kj0!Stcy6C*IzW8X$8z8QPWX9I!<@RHFV0<3C{(P&@}1$ zU$lqmNwIs%%b`+k_a?nee6e?0idRdm>v@vZh(rz{FVb~aKD1#e;cxaaFVuF9Qu3hs zvTCMf?_T&!Ex6BhspEu+5p_J9n#u&H`RhGur02TwyrO5F>f?wnvrvftuKwvhJdZSj z@|2aYrrxXRbjQ7q(-PU`4*)P!-R~OU^PH{%B=CcBgBHK#YUP^S%dP0X@9t;TFCCe_NA~~}5aYzF8H;y1k}UPQ zrjqmQ`|Em;T%DU@++Czmop2G+nNlyLc(Xt{En<#3ZTrb(pX@B^%*d3|N#QP!rLbP> zuM~ydGu|c%L0RBI{s5M98Yb!+K&gO zLjU{vJ+!|cvUWqHQwo*E3Wd9JNYT*zj+^sDL!VP#-+UvF1#luJ%#5(hXMz`xZKwPR zClGnEcg5DJd?WE%r64-*Py6wpWO`zF$Vf?sxbC77q-65sbuZhbT&#Pv`>pAF`|%94 z+J9`91czdDLmoD;m}0b#U!aX>iPflSLeih8u7iNDe{1hODQJ+OdHZ5~3`>>qosp5O z{lH{GzJMLh)w)vfM&tGrtiFo>JPvC%*ywVgza&Z3RO_qi;*P|W8-W)M+1-zt z5WOV)phTH_9%};m?s%c|jv){P8uH&_&Y7eiQVe+y zc35p*>=P5jO5>fj2znlb>8nvQk!M3g&|980*DrEEuy%M@$S44t6mvlZhP{H^& zg47XujS`a<*Jc4tC$m1=9#?9;zRA*T`h|!hF1tFKeL{3Ny0z^6OYBV$W})jugkOYp zq=a+Dx^oD`GdS^&r?*j^PYLV$Pz7KUZInh~ zd$4E?(gAYgXB}!7GH7vfvMb*Gkv&Ps&Z*h?gyhkCx{nh}=W*M+pGbOTTvlJ(Vy~pD zO9yI!9^u{G$&L+EjG54F1R54vW_1-?- zd3W9sch>8yJqe<57MmUV_3O~{&W`NK%9$#%bu+~z)RrJUQ)SQkTY9&$r)T&J%a5KT z=jQ>#BO~Z|QB^%wcEeNeIhJ^r;}>z>tFb2Fqr%T_ZkwXnZf-F0hoX9%1j=hE3`tVI zVxeuoC5JXbuW_U?C2EDh~66Efn_P$gDK(0{WCzfrC+sX^sjK3f0F_C?%BmJ6P zW;wwDDnl+Ot#M@5_ao@mj|MCF^3{NcVY2 z3O~CbdB{%c|e45@2V2ih2g{k@?)6JMosXacfQE^WKUJZRqsL=yN( z)dYRxa^huTMb>q5bK|g<9-|R4q{UkJ!#n4p>bM1*GYz|_hM3GCg!hStggktI_J!^L z72*tKTKiw6g zqP!ZHjy}s&4P{M}N^3>`K=xV~XB99vmwuH>+3fkC2dsCdS;T6D{A3Gw{e*ODe1tJ* zd!`tdMs#03xVJnIo|Il&T#P+tH&6rd&5U6t`jsxuFl+@_d56E5+n6wo_LhTIuxF~L zM|}a>EVngjx@fvzL3L_dPq%gV>LCeN984=>b6@ITn`IUV<`pC znwH0#BYWhv4KwM;|77svn+AkfE~MvUTPU@Bo47LN2O!-QtdllZUcPF}DJntoGX{+9 zvY_dbnUDb5k19qM;N5Qs(T%`u9?*@D$9-J8nqaXEwp~X9wO+2>3#w^)x)zC9H9MI2?@!_g(7sgcMzhE}aBLR>zR5wp?x9v3gxk zo|Nc#UeJ=eqBy6SnLw>QZ>pzHR$q<0Fc;TuD74I1K1(J~{d^B^sCM?QkdKP>zhAR7 zVCcD!>ZG-3+%oZWZ>YsNa(nNhlfp0j)V=T1iqM`fUtEj3fI3uEF5l~$Z`zMLW&h77)uH77LST9GgV)io_nWR4ebE>wzkDjQg zMK{lCZP+c<-r^n)h+!fVmpg`v87w9{yM1o?MwQA71)kx?n-_%-WJ=H#eHx50t;Itm z+8hiU`T5^QFHx6%N!YbFcK)if@`%SMm-DUWyKUce=3-6e`?91vGPOTSNX_}6eWtk2 z-yn*0c`W${m%FdX>cV0en^Fq{uZsdXYin(w?Po76pPlT~UU`LD{5Vnz<(^Za=7u&r zWwi`U^7J|!KPhqX%wJQb-XA{XYao!p-g3QkSk+m4QIqP!&lEq0f-(81B%OXqxSk^5 z^SgH(7OhfJy>fpMDp!X&;-jjct&6;7G)y6qM+wVp!p@GXtV|ivq4^ zFCys6b(a8YbdUr1T!p}gw$J!!!$nLpbS69$hdd;y7|0ucp|oo&ev-J_g^=?=FPL+U+?WacteLSaPIqH9l?Y#^;v&G=>lUKYNa&@WEfXgyV@t(_XV z{dj~pwcGLhThsR4&p#LRd8~4hRDFfMc9{6eX~tn~47nft+`n=KPfp#Ovj7;>_*44S z`*^Hfo5h8WCIc$gNeUzM8C8D>m;JcQh3r*J+5!-We7S&UZtkd083j>OFmMR~T||CM z*cd06%D@B%pL*LcwX-@Pobj!u@UcCx=hEQ?2nqIFbB!+X^DH_a_RG- zZi?(0ryWU>E#!`grn@u%^rmcLzw=w;bzJwmyu4iAIfcKnzW%hdtjkc?L|YmkkKWy= zlMyep?RWa|Bbwt&e*TntEC4|j_v)O1H2|!3LHqs7%b*~Dy|l+a8{=NPj`Li4OK=)33&v_y_inHWQti;SQ>t|MTxTHSSc2Y z?#J$|J4|hN0&wf{p?-21N36>tg^zUr=Q0{+d??>SG+t`xzr49bc~^blq*`ju+Ir=a z7N_d$T=h?9GBBaQ7!hQj?U|42#X3n&BC%gVz}R}i4`q}= zT`CXUgvH&@XUbS~C!gIXtdZjbO_)Y`-x!6J+9cRco|T!&z12TEOQR;3-795C^kYfWq z(veg-6Er1HlX4MC%1}`ptD#N0?KHAX1`TJtFKeE6nDkkyRv^ywcR?%S?Zky+k z+d`c5c7AESnQ?4(4R^&6J<&N4snJANixUY%$zOLbWjxw+96mln4p0!dfKAz9^v>51 z=i^OOSi~Ki0=yFAABgn+dzLtY2>M~(v5w1vz3bf#ZMn&-I4}f9oTa!l-db{}q)Uno`2Eg5nQ@yas-}A%PtF2PvOnaEE z$Bs7IXMKBSE85wUML$&%*5w)esW{*U>-Fkoer>R3UQdgnbV;u*y z+E@2g*5SBugz0oJ)o8_-9`k={EjM>X*V(xd!kjs|?{`Sp7|8bwjOmgup*p=X#RAoZ znq^&M=fEmKH4Y-bF8UA=&;5)dGOfOqvbUJsDSoXwDBLI5XhCdT2GyFi-u9~*Beoa? z@~2}y$k8>}?H%Re0jNBuySlyBQctYg4y){z+_>XwDaZv~xL&fZcK)0V{}m==NeKH| z)k>c2evJ6rgp5!naFR#rLf6s$(M-5XvS&XD1c{%lMl3C-qT&~4y(&vQFKq2lMb|22 zk8#e-Nd)aZjJ@gVW2n!TtKo}Bx`^k-0x=aIu1h(mS{PklS_Q&Qm~P6;Uz}8LP;Zrw z&PBYk16|NH^xh~eck5`aFAg+MXn)8d=hx?(S>+e{IAGpr{*0cSr!}j@?v9dq*y9Yd zb7}h#j_zc8uasJ4f6FfddVV09I}{Fp%Y(L;`k$vM(cbBO%mAV>bBQ(a3QHOo8NqQ<~^M9WifqM zSr@fY=ig*is~y>rSN?fzg+ZhcTiT7+R2S!L-00oAw;i3TTlIQ8-=B8_iP;A*jr`1a z@Ex0m(KKO?Q9o=~T~ZsYeE^$(CEt7 zJ64q@rWdkC(++p4-<-;1hNS6w0f{sts4Wxj;%#>vTiiX-28XWv`-b9%F1R$`OWGh26GDNuA zVD+x&ZL3t+O0)Lf&9^gCdEx=W&sN?dsxbEt2$D z02UBA0AlUwNX*AYgqE*H!d|R3E3w+kK%)2fp9htp($e|>{16HST~DpV14P{ru<#oU zhip+n43Pl|>EX?ewKtQ;kqkX!4KxsHOhN~mGy)h2CSYfZrln35U6ioGCKuT;Q{XVy@PTPLrF`vDAaSial(Y?Q#&NGg2|K#|;8Rw5_j$-QT zhg7w-t64K+0|WW|T~tpwUcP(=;@Uppq-cLD_D~nYw%7`SAt|O$no=?OcNoBmYQR}C zJ1frR=FLHra%(8>E~$&sHltj?>6Gy%+R`v72(dx;M}Wiqk*&3Rm*^`WHAlV1^0m#QIrX`U-2%(U zdAd(ks@{IvF&>@669pp+QkyUAfkHw|Z2ZW_2fb1gCtIpfFf6Dhs%|*$Xv;}y_C^0C zYYkv!PM>;{M-)ye6C5cF*kKR~-5d{r%E4R9-nTO$1(iCnMz+Z-pxC;0gB~bpEY^;% z#Qup~Sz&<);Jt(D7Y4oC{kF#C6GG-#lj)`pBOHWDKyRd>3x}V6)Q6A&%dR~0{^=mo zPKrt~$a6{v=>^($e66!&-rtIagztA%9p3pBQ*)^@HNd*_ZL=xgym_NieC+(@%9NOi znfV=?D!0TQd;a0B;b+Voen!pWXpGed(VWauKWWm*t(929B6|yGcN0T$nB3+3 znR+1qoLepLb89$k_L&Eyf$I7Y^k&&Jx5KK6D`b4F#>x9+E7&Cmfkb+^|6HH@@4w&V zGe5K#ScMPefI*&|T(rf5#l2(kS{FCO|_3kG9Pfr_O(sg-9E zIHB3E_uGv)c3U(yfX9(lTl=Z|*DNf3JtKt6>!_O}TLc@(PYweab5qX_mJUnYm6E z00{Xd+5sliI-TMnMgS;>u5@k+!noGp0$yp~aUOOt1O&Ox)SV@pMCJezt=T-IHn=K3 zesJ|VA;~%Np=Z|NtuNj6SRqzUtyJ7dIWv)m9Q&Oe(o$+stFaJ%a2-z1WQ0ot_;fh! zwY>cA;o%=8Ypr}sOAASu{49=+6k4Uz1O&bS%^y{fyRdWmCA$%V-w;s;|w!=_5j2Cfl>2C3P?ztrZ4d*AK-nWOg+XD~>+U~z%JJ)z7D3Sw6 zrz-@Q!*hz6?+JXC@Q|&P&O-QKHCu?~P*v@ZfgA+HXrFf*@z(RIy6mtM2R17sC$MGb4V3LfyiHWw+@bMK`2%;{E?&iiXYF z6sfu)BZK2}t06jTXkS{@8SKzam|SBOaR!0Ka(!}WP^BLKGmUMwKRe(GblBm>iw)ea zue&T>#sgEA0wui7Sow4sUd;|bGnp0JX!fOe30rqLv_YoE4LM(7J1gi%emEo91tvOI zpT{s}8Vbr@5Hi|3x%_t44cmH!y8qHOP;(yCV}p~ExloN2N$hC?kwN>>Le>5kK&^k161Zm#E6q+%*K@qeD=GN{K{j35j`#1h83(F# zUOxaUGwg{+wogQ%=mw?{&(tL(CVn2nn}rnAMM;iHCm?3lJ}%$qj`9*PNiUFdeF(p9 z@IpQb&8u>59&=g8ef-qcgh*0}B>7Wecdf}hqWkCnKRfaw$hH%@K zAkd>t>InZTHR$K%U_7zZqpK{CQcRWlgiT&A)lLP5{6+$tws$y2=fv6}vQfJV0Sc0} zpp*%w1&q2IUOc>Z41VIB@iK9zok`Pr$`)Eo2+4(Su?*x{JC+_2KQD^!SWELiPYh3) z|JEG`4=+%1Pc`Z4@t4`OE=sd`v$)JdzXt)>7F5KKxGX~8j*0MTtB)ya;N2;!gbP_mcST|Z=XL;l3*h&^#vn8hKA48M zlkvl#fSs1410Se)g-RDT(15WQ@y;7-p{M)Prm)%U(>^{{4AkyY${OVH+~WYi@(6z# z>kbPbCFU!zZsQjg6wHV6Sy??Ni7>aclnIJngp~Xmp6M!ZPr}wy?(z!?hcUiCk%}^n z)ASY~_takQ@`@6=V?5lYIM|V{D>OHnl%QU;32AS!(Ueewol-?59~mSIpwnawmVr^% zNDGAAXPTeL)ZZ4nmd=p>KWRYrc%ln{cj(>uoL$=?zV=82hod7SUE|}`N(TXNu3qrG zBfO#%h~2avp7^yZ6&Tcy0)25`Ofc;)Z4ctpxr@q(+d{-B0@Am2T_3Y1<+MsNMmh%# zv6Bz|!2RZzHj`LtNx^5!sAU_mtG$l6;xP+Ib6RCaQJYi&XV`l=*j6W}rwpB2>+hqX zZS~Xu_8SWrnt?D`PFbGWxzIQ<30l;AVoIC72R%=J1dfN zDtg^mr%3o{^-q!ia94;sBaWB?Itik%SDRG#XsCyEaMxym=O_1%+?LmcBVuSXVW)!6 z8a?*Bi7vwKn!2t{p%Pi)Kmga`Z^0yjNeqNRJg`GCO-M4_&k6AotZ^%Z%I)mzK>vMU zSsiyx2kV?tM{|K8G8k9#hg?;f41zHeaFS6+fdI@876qmr9xAzf*Tr)XzT;DD@Fe5q z<>m9l^v4Wo1(2y8vjThlewcIS@f1A28yWyFTv`563m3(SB@vy6w2%w2X$k`*d4-?6 z9$SbNQOsf#R$x9=$IHz%T=#g?{WZ?MUg6snJ=<`fC<@9F1n((*(pK0)fQO$rL+pMX zsV|uKPVq?uesfk<_7WN)zo$rl)`iS8d)`I|IlO;_kqCl4bI41hy?Z+L+8lHZ!QM>veb&_I7~bM6 zKs@^UAx<$kJB(iaS?l*iD8NMQs%kuW?t0KpWV$!o&|y~sp!kdPP7zkn=4iYZqZJf+ zSXWs&Z|2o%oHX<+@TlhXkZISyGxt?QU9x5<0*$@Vcu4DKbP76~SJOPSK=k@y&c7co zuB!E@Zi@2B6ZIMU>jd6DeO!}b42LKY&r8elIy@*NW6)TtRwS5v^gQ|^v>yb z>u`CTR!fd@5U1Zb>hJ{Mbsdsj9T#Nx7}5PCwn2e+{at|VXKdk(eU-{cY<@IDk`6&* zVt_+qj0O@NqG5{_412%`pPx&pK~9Z>bD{gAb~0I$z3a^bAe8_zRIgsD3c^N@YeCn# z7lDS$a~E=Y7p&|tB6<%?hfT8}Gs<3J>{h7rb;HOEAS;dPU*kmG?WNK?!9`9e&Sr#0 z`AEGqLULjE$rnJKDGk8@M3*Ipa^nacD;@5oq)>2E>G)HBVvj&;RWNipUkDz-gFljhghkta7Qo&2O`KbMdkMr*5&j9(?e@a<%(yn)o@T&W9Cq?Zz{IL1A z4RlKsr#0wKPEMkna3%-yBbKG$A{EF=N=ks%2GW9OT^ zG{s1E3_nRvPjytP03Y1(7Iywg2B2^I;4@O7QL8Zae^k$;$2^0&AK59g&j3GW=Lvu7 zb^Yz-?T-gn!D_RicK%$sK5^TT;VADc+k;xbim1{S%i%`FRw&~vtk~MJ5k*b*+2;c|dQ|Q9`g=JiT|}7B+u9%9 z=jZpMS@;$q_8~rh>lR>q%`9J2u>gM36T;Y|0)U%OtU$;UUzl1X8sMV6Zbamu~x)7Hn zLpeT=Kis|O++Irmt_=FOI_+DjZ+E#Pzq+t?r5Vka%mNv`FR#eG&*L8&)o^`X-4|0QlBr~xbDeHURA2;A4qvKD{DQ5` z&WIax4R64097r;xDFHfUDaa+2S|;@u|1|h6?lSP7T0>Y$fJ#<-{z=&VG4FlaG)hOBMSv57!fL=1vY6^3g!BAQhW@4gtO-z}J zOVfmYFhkHniW~|;n_3PJx%yA1jaH1fJa!c`vkeqDF4rMQR+E!Y2{L%S6B_CUV(TPh zi(+J`VaNJjedwY!V(g*5wCD(M^8RP=Cc3{A`gZj{|2Y@nomxWqoqtmUqt9Q>1^u=< zY$CjIcjOHlH#Te0;_2}FX=xPvZQ^FE*2lH(3Kq;r(uT4l-&XVzgZx}(zCx&JRFygj z_@9uGMRA&`=zhcnOMQ&W(2uq!j|xUog5Vb}<)%?qYVcWHfoydUrY))G;xtAmrMfL}K<14&L~lxRBlJ-b=|5YVhV zyf2ulAlMgOH{B_Q`V_N(7d^^*)gJ}mge5ABv3_^Wy@dCX=s&MTDtE)jip??-63Wn` z@ZzdhO@%VEW>_(s<>e}X=n(VkiVvBj+?&S>j?kMd=O~?9VrFMQJuU#iy9P0rclYGA z5TyG)oeGQpLI+UZe&P0kh4!zVz7K*@i;?5vFNIkiBPl{GS4Je&v-Y$!YR+2r$*P7k z47x4@q{wmKJX)my=Oy_x<*|U}Hy}upX?=$x$eA@JTTcHOz5DI;U<74`AGY-C*C!v- z#dJR)A(@%FxTpcD9Rnck%jE$V(4(D)2nD%wLoc)La=Qkq8aiuM#Gb_~PNxXT|2Q*) zeqn1MU)T!`Y;RUZ+pkiwZU2V_^!I*b3^qdngO}->+PKW;7Gg6^sbILuS=fS8)j=jH zuAja8?XV#7*EpTEI*x7+^~=eoD-zUXTP^}dRhL7dhvG!o{*s;a%Q3{*; zJmcI0RZV->)N)Q|1_Oi_g!qq}psfB@Rz)A~LRpQ*BR;Gz1~o4?H>X*2rtyiff3UUf zI`M+>LQ6xT0oG!Au_c56?IRctQgofWTU88XjPKbgo0U2Of>5LRT;y}@XVr`UCYSp< zTA9q`u1fClqeoGskFk~GVZGZL+jR{J<9@K#{f1GMtMy7=JPCn)-*s`M#Yad3s8gT%CuI z0;)Y2qX5ZK?I|G1ZtI4MI%^`z;|E@#;!wQq9hg^!a-2j*6{@xB9n%Ois#Lj&MwLW#aR?|Lu%V z34O`o|G5s}T`pO=PZ%Hzn{-+sN~X8sadFJ>Ud5TDs=Fz@(sx#vv9P z6`6u%CfN|^(b@w4eLQ6|!r$!x6fg(k$1-OIXb2?Px7;%&``*9d)O@qa(e@Q;B)b)I z;#+N1>WbM}Uw}&^Lhrd@><0W03P}X9d_v~Mff*pzkUs(;;Ltag`t8Fp%_0nd{n89 zzMZ79#x9>6NI4EpW_h{GuHL>dBtHOHh~9PLS0U=4omfP2f}YelRtCk>?)!G~{yGEl zQdO#uz*AsxF$k(!tD(h8T|Q^)pWm+@`Kf`)5fqQ_vhvCka@)f;cx&C3BQZO(We32({#d(`)XG5>$sqhZo0!~+5(#u`G5M5xT{&_Pw7Jv`@*M@UbkqH)Gb z=Za;rv%*0E5J;C2QUu~Ql%|oHWrlPEnr)nE13Z;J!FL}6(di@P&`pg(&2LZzb&X6t zAUAuaT3XZ?kAKJkV#>y@9?f2pw;Bp7LNeUI$cV;i3Z`;6~xV;+DE2 z0$Wi}ReRwsViET{itxOwRR99GqME}~VDB^o0|Ti3k?b#4ERcwP(@Mb3_tD{CvG$m@>@ zc&!%%r)NjF`!rl4>?5Dsay5k@Om*<=T}h(`hREU|Nz*m!pNF81{pX;AcLb;tL*j(; zpb1n)nAoyTN~hh!{j6=4@%57@iS>8IwptO##5Z@DoyiKbska`4-}_8cV>y>IQ+WwP z%f}v12t3VVRb8MLq9i0#XMZ-5+~;Q* zk^5X#^@FQ}!xrp0c-q!x40uN|_2Gt@FRi`I9r2⁣DB_LpbFB^)Mt3;u_kb8k7

1sHekmW znC`dnWR}>7#^{&>yBmC64 z_#_b#>XDI{4|*g#;27`o{sgl=kjDgU4HNzv_xu~P7k%!|6#-d?%XsUl2{s8r>kCG> zX;*G(eHgMUCZ2{|+~wXQ*t$|a=p{wgt^Ev;YbmH9KY$g$+)(TJy3#jsX{Y$!!K~c{ zjVFP|B(APi&W!Hy5;?ez>FY9&*vQu<%Xe)i#%AtT7yFq`kupMwrsJ$JZlilklc1Et!+d7>;9(u%|i^HCiIAtI8rsXsIJ zfBoK=hgWFCu1+cdIF@C4ZxR^QKl0u!ft#m23!{d4*imOZ0)>fLt5^NE@O3GhE3lAz z?&^8(i1Q#I{B+k-nx3BiMqb6ueF#Y!conFT!*hqVri_j>5Ug|Z_KzDG-~8;|%af3> z`#Fb)QSvrd-e6_Hm*>C!fOg8z>TMKVmd7Bdvzw+IxJdyPk|!z|quc219J(I@9K}}K zlr92IR!e`*-0`K2o`n=6L>CUk&R~{C`@v-)P+t}oXj4sIARSYnpz`82J{isrlEP!$jFN_vuf(=)xy}Wb-YWSFH zkSPv?Qo%S*#S#;^FtwBZgHlD`NPKAm-FMVXoi`1ohpoiDlF|<&mLZ6++;J;>aHK-? zu)_Up=;In+B+t!rZQ*BQy3XOt7(?!-6Kl&CYx)Y;A&#>5jPGM!n@0LC8~9OGHeN@2 zPxVvpuFXjP{?~s?2_}pdezGzppOBD@D5kfmDZM4xtH&GPF-awxhpjsKS#l#MC!dgz zl13Dg;skCTZ?r6*0D&>|3l>Juk-vg%csSN0=krfDy=HIT#1N1Yy#l9b=|Ftp{?j~P zNeDSS>Y}})>JvOV`Z0xz+3FM7?|F9f5q*Cd5h3kr?@pWh`Py;Q&5pEM*T$B96YrW5 ze)dsCiKloVoJ*(E!+3q;CCgORo$r5@_jt+|p-f2`0#!;}@{<1G_X78@?tbO23^z8B z>rxF}bq$SfKwO1>3D?`x;*__Go^S;8=FqnK7w_KJ?B8dOt2lw72|*CZ?!BCVKgKpN zJWE?^L3LgxK);+Eqfi>!PY_0Yg(F<8>Nj}w4u|yR##l!`o-&NWdm2#7dXsUwTKt7J zFL|44R3Ec$bHT@^r&<0zxoX(w5w{=%;V@Q}eXu?(sQVfpPk|^DN??Iq2Xe2b`YJqp+l^=Rwp9o z_o^JQUoj>|MMER{95er(7Ksv}BE}Kw4=Vg+M=(CS8(#oAGBQNlaS;Uth5S;kpuD`V zKMk;V)Ze^$<>+W?M5!HJ|1I7fOqtCn4=Hj$51Yb37Yif)&^<$Q6o(eYOY!t4N)uKm zK@$PKa(eycCTU~mOcl@D14v+k%T6Gt<)*0Qr%SM&z83N@V?-hl7L3E_mnj+yxAyo#0Vyw~8Qj$Hmdo zM?{t&otQ_o~Ht*$Kosga{pbXF{yCWGKmTR0=7_B5V?Bf_KM?cPwpfZTa|v zIl_)si_!;%7ZZJYU+zwtX4S_M6B10;dfhoGg0J+vF5(VvuY^9HG$`JL@5&PCRjUYJ z{IW0|pt&;}a@#7p`SA91~UoEiGM8s8bW4o(UPpKuJ!gy?PP&2AQ=IQCvCwsSxWH*3O>v zc_Ax_DhEG*EOBqal&$OTw9KIm@DhX+c0%ypk;rvfT3X6KeE5)VH#?i&vu_PlgpW|& zLn{WXsIm?gPUqb=v4q;B*Y(of zeGm5g^2Fjz?&_?&GkqIRsjcB^ggoS#(Cv9NQ||Kdpj=7b6|UZ8rbzAUgv6P;9}Q=E z5gvC}5x){`c6k-n+~?foh3_u<=pOEIT6&z-MbPPWikMBqH;nWSo=~_L6s;%m#Zl~04tgb&HR-pqP#Bywh1vYRSMT{lynjw8YBwx@g*s@ z1@CZKi+JC9EH=K-pR&S2_!boOHm{%{8UPCS7<83(a&*TC43EEcXWLE90J8i=d%SBG z&=KT<;9U%W&T$_^G)s{l-?S%$Fve5Ogn~3-I#bL2=;vfbfu}P~?Y(YHLSqb(Td}Q; zwy^_;e@{Zq0}LYgDW1O_ekLxyu_Xw786k3;xjeW2;F~y~OCdH+x+-oZk$}^*g$HXu z_`V1Ky#EH(KC(+v3U&&HZ*GalN<{cj%@W)l|E_;H`kGWXoZUdrR-pFr0)I;PbJ()S zYl!|vT8!80>gk#z(!-fO;k0aU694z5mQO4UlC%e5KBLP>zG*%Z(rtqo&=oT3T3LlJ zGYi4Kpp$GU`Q64B9Y`#`VS7_}S)_)`oH*>ZD3l5yfBS9C)N^34#DImR9>uS$wAwye zbBm8xIcL_JB!}@NJxtmAPHSWZLY=8&$nPQ;yL$!B!|d}V8}%!k8u8P7XC86XSt zezm)`b5TTkE)!$biM;x>VpbFO4coIf(S=LYNk5zMl+6baQWI@%e_VIooxdbxhe1PR zP#th_p=;EiY;xL!fP+(huc%E!g+6No%xaRa+GecS=4qQ$_Sz3c)V{h8BPbsaZp9~I z{SyFj#C-&1{527Ub`&NWl`^{&;mu&IcWePA-eA_hFzUF@aDSA7(eH@XLif*E%}{Bl zK>#O~4x(<5Ca=yAfQH62GSD@>Au~iC0qd7>7LlD1jy}~~TiI57*U1}UmYO7%_dN~lV5 zPtqA4ValwC=GfAAvJ?T{j9Sb;J@N%jc$m=h_3a6VMv9WEk&24ZmGkp&z)P|qEeg$A z#N9~-%f-@cP0-xNM!AJnkZskh#joKP)WbV{yx^lNn8RG(6*M(PM zp_xET@?Jsw#m#6DuPHf>Z?e^t^_MivK^3%15--n|=qyRAUEihRelp zPH_xa#WX_9gP6pP(n4_#f&w?KB{Jli>PKe7@gN&##|7AC^~;2TE+AIE@8bs5xW57Z zxBxDKA22^aSVddnZ<8857Ky`TT6l@4SMGjyld^mwa^2SV4(yID!9V&~thjEyynXr4 zsg@vcX2HHM^xN|oQ8@Y;YL{5#MwDiwQxIZ z^d^c2>!vD2e{IL@$%ePa)116iffF~?rL8HIs+`r4i}9YZ$eZ)udoRZ44L0W}HHzM{ zT8!#YF>A1@lQ)9w_C_}xcuaXzvxS{b)mY`!U?HRe77vqVKBh8I;QLl&tiXI!Hx`fvL+0Vs!WpA|k2pS233R3H8 zJze3$E)n8A>G$is0#$2d<1NOdq@*hoW~ul`N8T!xHgohfqEz#sHq^LZ2l}n*?8|`{ za=twpC!X>Fb<&dQP&V_3537}R`qR>2CpY)2!ClfPPZWZ@Ks~ti5|0YnzqS(R{qkx& z%B0|ZKr9!G=g@D>Ww*v#x$kD$fi2(Q%?B?Pk=ZTV=qax929bY18@sHqU@f4Ol#o!c z?nLXwhK^co-c?R<=9o48+3Ihz60GuxKH9TfGIgI#i|9MKxF#kQNUblv6Z*m^U;91E zv&ONwPyIZkB3g|&&stmktjI`wtQi=f($_tqb{U@Y=E-D^!oFvI${8CcqX!s?@@7s> zCKS%q;4uO!$LE8CgP)b&I#N;{YLV{^<_l~4gem-_<0E!=>6ntZ`1k-Ok~uiSt?1a0 ziQ7=eaK*R&5H_;|3Mz&m(?{CUXJOknTBl>jyUd_a7a$`<1>{(XZ&WbY$Q#n-5skS> zP)~`^j84>0*-e>#=o;IpvQbS>T}!>=-PkC5>*?gorYL`v$<+S^2RXg*?xsmW{)&$K z4zSRf=3y-;%)?uU=+wB%9@Nvuo46*6WtS?oi=X$`9LIUx|SA%hBQl5cMQKzdJtJ zWnp9UJqfr8eE;M^K=)3v)TH889>Nj|(E^x=<` zOqA#F3q${Esu;QMhh?Rz1ovZ!4P?35A24HSyqyQdlRf#gY%LqHW*xXVT`#u-ST$vH zA~Rzm2-LE+J_qBI6*^OtwjPfo>0~(un9u6h^Bj9ak0o{1?ql4D56im0G9%NyjFK-H zusGZeATD{jp(&uEcv3 z!yO_g+VnuV#2`6|^YYCtV1!nT`oROU05bV0+Vd*=8-++E(zSN1v!{6EkJH`LvYSuj z`qL9u9uN${<<+er1g1q;2FF{n>Gd~|o+tK)6BN}gEXBcc!((F)>Ytgtke^^DmK7t? z^xUe`_1N}#78)lIfT_Mq!a%u774@%fpOEUAoB(D`@P+SkBB!?ALmuFTBl~-;_+iz~ z)c0A?@bjznjC8wo+!=dJ4{NlmWR2WLy2;dslCnwOT=m&55OIbG4(EEJ#u@x^g?CzS zb|njv2Qob!lToFIFy@dLkKOB+<3milHz(W3-_ja#Q|76%)^LF1OEhM;$h73gBj{?m=BCioIJBEu>x|&@ z*c|U4^>r3-UC1Q57)(Cg+IOJIN<=d$2~Kntet#+8tj~C z_M%SD2Iyt;t&(57{I~aLx9v}lKHC8zn=CpwF#m2Fivp&-nDz(Nb8mdW)lk9m*^{i9UElcL0nq>h z@KWet#+y-(Dfc;ee)^tb*YCE-Xqt!RkjL!><&Z~>x!rkUeht27Cx6^vfx*KeL#71s zS=oq!6lU*bmgQ7y*p8hM<%Pv$&9>sP$)D*Z(Tp%CHck+X;5(a{?xt}7*ph#OXOb6M zo`^h{m^!~Z7m!yO5-@jUiq(c`FaJzi;l_{Lj3*a9ON27js;a3Ks*#P1loYt8rKJr* z;<6z>!4nPi@oG8B2LYy7by-^G;u5P=Lc8s!TxE&+4azZJKOs?%JlN>9p^) zyYsWMEP5T4>VD0+5Hfv6zf@htzp1U6w6VFD=eNH71b7}WJg_J>Fvw-k+uAbc2#JAuYSyooP*!d=at@GUvJ=S(%j2Viq#0&;E!t9v5EAx5#uKx$ zI>f^-7U#!wPv4O+uo-odn*C|N+@R)?s_+NxPY$`fWz_ebag9yTG{w#+O^x99)S4CU% zvrylXO|)dcD)X=CcX7eCLNixP+9I)EW>hm7i)@uKAn_^3o#w9b#i7Tn?A)A_I_%#M z=Yu8uXg*sLG1zjIklq#hD;wnpd9%0=FfDoWNYAEmqyGdN&>D0&cQPj0i4Bm(E9u=1 zY=2E0(zJ(YwVDoFVafbmetmLsvNluwrO66a@~z|Bw^`N4YAS4HgKCbag~OFMORb0f ze*ojd?ta87b!~a#wJ(rpfjA$U*KHxp%`?+k!fr98%!H>+(8#E{PxfS`z_IYn`$NjhXZKL#lMI<0$71M6VP&kna=>c zTFiWN(AWCuyTd>CZ&wQ}C%vaFrzsZcU_IaD5a_eV-YOHOA_IVBCH2k6!f%Dt=VqwyOU#U}2RFmTlk(bS+$ z%E@Z{y`a^iJPi2 zXjUyI!7i3Qlsf93JD(grC@LTj*X58BqsZYuUjdLy?cYCxufu1T*c6&|K<*UuZ$ea^ zVkA_nN}41QQD2%bKA|7TM`g_jWb@Xtd^G_dPUbsUHpkq8xY6_3*BjxzYc1e-9^KYi z`*u?bU&0+Z-=1qx5V6-wAGg}DmhsgLEd<3)5|hLZ)W1oJD-l+Q!$kyY-LAgHC@<`Qx?c7ne4u?9^LZclpLS3*acNkf5%1W@H3s!&j&lo{YFg zLvf7DRoX>LBnY@ZzvlYoV7$AznEI3mH#;zUTe`+UHYi^~n|bS4h6fL`X!1fM;}}?C zfz~es@iE~Vsk9;*n^yuym6T0LE1d|pB=bj2wu+@kotnAHz3uJhV+#bbOj?tmxOwDZ zj`?N4%>W?4Rhy88yNlI422V@}GZ_*uE+9a$`7FnMnUu!(pQiQbCHne0HlZhoA74^0 z0tYhyzh0sXc!4?ee}8QxYBzLh-iFLZ0>U)79`EvFWc-!JIe!&gPx9M7^MS@)rgq9vT};`K`crVN^RfJ znc?G*zmogm&W6+8pD4C2|!uS3q zw^%}N+I?0-EMy#a9}$dr;`(xmtkp?6a-t?=lbR9wl|;n%UPStUf6bG zUq8<|)ja?E{dezhtJcT_t2URY=XCP;TD@U8aWdZdz#_2l$4`i9u>{WX{KQ0B+n z%fu+G042gAHkaW+4R8G*8FTiw9!|Xf@tEninN>d%w6uBVII?PIXJzxS zXGKqOw`%*)L2CElm%HxwA+}A6`y&c}D458`)mO7sKqXN={<(fx&pA=opu4mgCdJi;>jbA2fnq?v)_PvmGgm?VYjPiJM+JOo^;EV`TD8xSzEjRwyr zL{jlIJfLH*l&>R@<&>lmlYa$+2gfM_gt>OeIW(Q@+2nd4z6YVE;C#%f3GR5qI;loV zn4Ea+zVcJ|WuBt3oyJ}DkIz34*DDPDz=>jl_#M!}a_3cMT2M5Px zbH#kez7}Z(Mp^PQ@vCd-Uy#i!(80G`G>v2N5cwF3;8v-iax+N>rodm}<#^j3gil*d zK>rxAp;@O~qUq}N;7A|WxoI_J zjd8g+G8^9y>MxjMC7b1J4U!CSt7@HKSw3f=-}H}XxVCm8Y<&2F=TJ|65+0e#ML&Ggq3z zetKaCb`%K(pAc31;z_j~I#XYAP{X-9L31I8V6vE1{ON2TsFbL%qTs3!i7F?~nW*Js z7S$ubnIht6@{D?_uyoGu)r%ZNA}Ah=a`xjYJ8e`9@9A{aW0YX**#4^X+Y8g(9Np#Rpum}@3(3Jj#?N<}QqEFKAT*yQ88h$EY8C1Wo2RjQe@E>_#ODXcK`fcapFVA(XA^$tr zPf+8=_hGz%jstvLLk$54-(_7e*xP)a#A_LSN^pq657MM%L0a(xh4>5D4(%)(D{i#9 zxjvQbZeLqIt?JHOo90vWR)L7wWb)L4b;y6)UN;nw1GmMRI$8Yug#}QRIswP{U?CD? zLb*D3c<(Ll>6ijAtXxi$Ptt3qD0wlxtMwM>+w)v0e&P&)r_4BKpW>e^!Frs8qw>{@ z<3OO!6gVnP637p4(Y^SiL%4nk%Lk{-(H$2X)Qkd93KyYJt?l^Eeadm$HMe>1<_3#8PviF= z<@U9HZBt2t@HW)FvO`_{V7i7R+^9LIDDCZFx)@%kDTI%#dFEl&U>fU(`K|lQT|XMt zMIc)r$kkG=@V==W2AAUn@xoeV-ulU4y>ElWTC8p(Z`!;9hRYM*4V;QDU(Vg2G}Pal zU#L_ty)vG&1S^}HFsnsQ`>zX9U6qRk`I*#D{F1KgoW8I8bz1LHx8`f)QkzUbp~enJ zCMVbFzdZOI_MhWF?7N-)6}665>FaD32>UWl=P5CRch%~z0{?=vfMjTl%H;!W^8TVE0TzR`Tl>b$749=5T*#!OGIDvdX?xnojFcmm23y=gP%(`{cR<6RU= zRE;Gx%VV8;;f+niMk-Kg2tEY8kTHI=b!g>d(ofUy+FbI|ZNB-hbt)O*P(k#R>S64u z;BP*AJyO-on!Tx|nB7#i5YrW-gu?8;YlHn+gI&}2-m>PEZs?wqbGwrvg2S?8Z%GkM zbz)i$`G5r$u*PNAynKug8r8YqaJ{{0C(9D>AQOC~AW9pBZ!OB+=21eoREj5u^V+%`K7%8aU?Wib=)651tBF_ZYPB-_l=ahQ{T&n$g!t12~@^Y$ru z-0;>VV}JZ3uF#FV%M@l^C#MXomr~iVhUWEz`|B3MZPNdEKZJUB{LJjebqu762_Lla z5g)!ZTk``mQ~@mwF`Xy=PUS4|3uj$`o#2|WEq1G$379G+@#D7l|5Y?Ch&|smyu$m` z#_Jcnfx1VEeTa-fYJrUA*InIzByO^vJYcyTedUx(;P3o2nE6z|c4V1}_sk6y5F9Vsc+ zjjc2>!&kX=m+c_9mGi$n9;=(hF8=>`Fs@p}*!AA8YzeoF0U>|Bx5}n0NM^S7al5nj)rTP`t{*!0%Y5uLB zwWnz@mztI=KR@VrstQQaICh{ECc?LowS{YnxrJ^aJ$7_ubFT(0R^3;3HJB zcBNyM3a7l}AJNaJJY_4)V%S^C6`9Y!%hQZl=QrvKxNEnl^aXBAeorXhdFx%xLN*y6 zpwg`~>1oAmYH&&I9w)fHwjIdPyjz8kNxhW5?L0k>r4{~ElKB60+ES*_aA%I*xK$whGo^3;BZHQ%w)OA~;bnT`m=*E{f1}~O z%*4h)~@gj2RJ6KlEFCVAQ>SUA4E zuIlAe0=@;UG74h?A__6?XmV@_Bl^!A=k@-nd1C(Mx00td2Il#g{eBT2G)Un4KZ_&y zYfPsHUuP+6=8=ksMXv@?$~0!WOuwYjy`Qx6J4c4A-Mif#l?YOZZFE&ph=xMRj(ZDg4+_ zy`x_3t_&ubUzr2M*|9Z}(t-_#@|K z8f<;|h6TFI=OUEbIQAjBqj8vL&(TOl|~Ud;9!2r)f)UI71fJ1IHJr;_F8>w^)L^}cdA9p7Eq*p62tS2&&?-a zaO+T_QMBfWT?hfAR=7z#`9Vrr8g*W|xxV}s?508 zedgMI(_n=L(5aLrz(=tY zMiQ^9^9~s*?}>c*zX#PiIgcWw)T1OX6HdiWuU=SQ3*EWDe)gomh2i!8Ootyj=VaZA zK63#X5o{Y!HbH(bvu6vNHd4_+a7h@%vvFj0!k}L~c_+?gu~?&s(bN(7!|ta$$({U7 zv!HD+%_f2f;of1eh5R}I56J@_$IiTlHf@?C>nz?I-IgyCMsn}H0)hzciU6nX za4G3ju!kcOx3%-U0r`Sbz=8MzY9SFkNDsf2tjiVsTU~eJs$}W*9r@twz2Y7E4cxw* z=Eu=2@U?-J$=|BO=PpDP7bH8ZXG?gyLzwYf!;=NEp-1a}7XRR^oY>0ecyZ+XuGE>?o6P0h`cf;)(YYW zGP>i$I2`qY)aEudI`_D}d#}lE2H)~g6OmJBN)u`(#L3MAxMeZ65?4m2{>39>W#yAO zdLfwtI;8){TCh(7SR!>A9)mfF*M^>-&DSFkI);W0D0^+T+03{StGn^y0Wi4;M2Hnp zF70ERPcYL@;rBQ=EH?i#iy>M-1!sU^T^a#`P|u{EmXLD@x_5HY``BsstohL zJPbcotmBlPeWT5Ip3F5bFUU)He_NwzU1uvoxWv@CJ!(01T6Ky2Yi@THb27w26ha_| zBgXX?S^1!OSW|`?jE**%R`GG8VU0)g{d*VtDf}77vuRGJZ())J;Dx2ulhyo&Mz=R{ zcv)LP>mQ+?edv+C5hId{WUTM{s2`ZQJXi@S~g>M7srs%V7FM5#H~RLEKJK zJOG^3i(^71MMl2Noz`QEryq+9&a~pRl>2tmoBuhrA36} z>dRFzqJcMRJG(lYQ5~sNU0q$&rdc`@E5Lg@1r9$jRVu#*dk-6Q}M~-AG$lI`EGv;c27v3G+##boL{P<}s?uX8J5<%`8Snf8iS=%!| zg2`rewQ_ptm~WLddd}8MEqU~xnxe<%-chD4?v`UK!O!bAi%94W_j@=taKF{XosOW; zZibE;W|0#pKVWj)aAbp}U_VW1DKxxof=X#Gu=-KGg{Djl6xkgTVG1=CbEoI#2>e8oGacULAHIL zRZ^L7=Lz-yz`&@K613=uwA2#iyNtwYGV)%*TN13#-0&R&!?5Mn>xr!ydexZ%gio1- zM82_!N;b|a(*l%OhqIaLy`+C8m&$+XXMPnmVNcxi44NAxTo`Y%5@>u~{8wG{-n@Ar z(WhbKUXXY6L1|O^@|(Y5X)ucykDSuaimXZEf$h5EPYf^WX;#yJqu(E+?a{3`D>h^vnC3A8 z@s!qdsb%Nl@=9_DZJ2+9t zd(%EJjjhNsUz5Y&9sa>V0ojItx@IMaUl4ipJz#OnCB3cg+?eImM6EUXLjGA7otO~7 zks>HPu&gPH4Zq(C41%JjB@)GC0!U^;RC2K&a~-`oN6=jN>k1Yc=JbLk%e^MARto#d zLk8)?H0dv7{Yix!B#vYjOrE}`(=})>wGtYFH~O+)&U^XZQ3jm#mk$WwPHB{EjinOx z8R;>_xrYmkxQ3l0Yx&(S3nV_LLIeTAc9;5HxC1mdrw*ylwM+E{;qMrFES6-Z=jBJk za)xijsdbAzj{JMaK2FfXP68_N4fIlR*-mW9Jq=2CU2)&qJ~>3q#4l6|E|O?XFvXC3 z)?sR|QT1>n@$cx=*gu(-n)s-WgDrf-5`j+rcC-s|oGeS*bx?D00iYE*!_T=0 zzZ2OwI1Hj1fqC3v@pSWId5(Z2kKta>3%&S#aq#en{X2|jN9$i_wt$6%c#oGRlQR+Q zf!l%s!ZDc9Ta@Wv%=7V`F}0znoU7V>*`Pc^gJ=-GgO80%;A9z$5COBWoLhYBu2zJ) ztY-JZrdK(I%@%4oa805oe7`n66(=H8ecroX8Qji)=ofw{owqJ?cuq|_R31nE@$k4F zD)n+EU{Z{!jP#+-vjxQofuPL74X9;gPhD~wIA5G3YNfoS;0`2+*96Zo0=*A$4HZ|4ClO`r^;TRfv_$QWA&6J-$ZHICBtm)`Q^8P{Ml zfs;_Ug*+$IPUi=IGG@d6d#^QYE3*?pAOrX!xgKPsJ#vQ_)b6mSD#Ht`Ep2*kJmq}N zo1r|be!GvghjB7RHSQ0R3R5b)c@s+bL%f3tlsSi&&n|>ggRK5+s%RzZF&B&;s4e4v z`L?Tll4*+dr6M1 z2(bw{rX61S-T-Mz%1b127jIZeXD4$6gpJ8xJBpNdP922*&t=1-XOMo-J9>BU>sHe$D&WWCQ3qtqq^x2hd z57cb~iJG?i`HQtgrN7CBM%`DrL`nB{gsH3=Rp$nIZ_kI!2W?cqzkEswxN0&Paa&&zp!w#W5$xTJK5^idjG0f=T^}b!5^j+( z`#Iysqu9qM*8GLyUlaLnAZ}3;fI^qH{INM{5Erd)dB=82KliV)PrrZDKOJ1YFQ+sT zR*tXRR{z)^aH(-}gS3@61U-^^n;g^MD$??G62@wCerdOT%1W6S*|#*kOkDV;pD&uq zmZ?U-WYv}Kr-`UobJODM;^Ja0*$gALknlaVNf7jQu=6Zr@ZIoCvjX(DeBCSjI5>Q= zu*6KqiSm4lG?DXg%WV1Gl!1q6UeMp}k}KW{&@M+6ekU`*y#En|y~VU|EHvL=rAF09 zLr;$U8idTm6=)c4=ME3xW2I*?qjujmF<)NkVST*TSnXENHI?rC;M4NQrI&kfH~tEw zMeQ;zdED+iedy)SrQ$)|lIJx>Ddvj$6^dB3-!tOc>C;KDZD7HQS<4y)mA6yjMkz4+?^ zH4dk)kZQYD!uQE6S=qBSWfFVj*|}u~pbeA(@EsmXB_7fkGVAXg!t;Vjbpzb}+5RD; zqh?Lqe^BYiHc&tcP%%GJtl8zx?X0JetDqPoqx2A2N%o_awZUcql-*_4pp_` zQ=WULKats&ON-+SS2HxHXUW!XXOM7D=;NFmnV$Z1_QQ@?YR#+L3H%TwX^wFwwzs*sys6)5l6N1xBIk%EVz!Yr5L+WEhYv;CFR{wbbU zv7$dEJ>|>_D04I@Lf5%IMau_LudZQsF0-newar=thss(SME|}u6+PLJHmGqXM7)5v z1s9@vfg8Yu9u};>PMsj-{7HZL{eY<>ZUcee=OD12@Oq|jdX|Mr?$7fzh-Hw5LSg2& z%-1!J&5!o$-+7<~pyIBNUn>y|kWuDK;3$1a2t~T!M(tA2|E5lJK~zSPzU(v*sZd4u zE!91;agkX?w_IK;AljB1&xCOIhG)nwf92%ngLHYmr5d9kWk;2n2J$BthcaZ=;v}1? z)3U_1ZMgSuB2FYo_A} zih3O`KPn|>N$6u4CUJl1FHEYsM7)Eg(E0WIRCl~juZL7EO_^tsJECG7^geapTPGD2 z6imHh2o!((BpJje&7@;&Xdq<9_4+DgxwxoE4zL-%mX_)uK5VF}y_+3es$qXdlV_D2 zA$gw6j-CqO7}#t;{;(CYS4ec7E5L-iyafU0by}GHmps?NJfqgmCh&un0fB<9Qx!&d zvUi?7Pdvr-I{M>I&fSx#ako%x!G5yARnzwv2Wbow0b%cv_@Z#j`6}`O7v;;e21d;% z?#~wSWxV7<$1B^{F0Kv>M%O~nSPg`~>W9<&$zQdZ5u!JSble`lKJ}ISuxOywO;r0K zH%#toH{hmh>?#E!ByLJ3r)?g_>-tUNiFr$f`o2M#du?s`S|+ITSE$=M*2wRF2-=I? z(A)j}SccnNkXHswHE7QS%>i!MubDvIYdiRgkxXe|G?I`hwbFmwyd~K&b93+77&?Y0 zlcdp|HkgpU1Gl&#CRc>E>=HDXNvs{~o2PGZZaEQFbuYN_Jt;#M%x0ms8_|L$@%dLN z01G&SRq|;)?bdZV(0l$&Bm4uJQW_ZblQ*z9-0Jd!nBrb!FvU#=F~gPDj(-+@4UH30 zw@F|QD>e(~NVD3hvm$K&HkVD$8HN6|^X!RWA|dV@U0sG%HnEU6=S7W?UioMYpLr$* z1chZ$cZSVT>9>q;y8m2z+1q<%#hyK5t{Tndx_XaZ&_>(q|2EMzmyf2Z^*Q?b4n z)afB{>>Pl|{s#+d=SP0QSx(I+`j?+@6QPj#ePcg!(-=P4K~{QcPCpZvoDu;;YS2OhjEw$OA)6V{i^8{rBbd;i@n*z*n z=`(RORjg00k7ZIH##qtq-WyjoT0Gp_ z)LA~60U(WaONm6qrUnMtlYq0@>~9(1vRfskCg_S6cDMY4n+4Aa_xDTu+mo;{@w$Hl z(p}x!3WJ-|^IuwQXX}=q6AJMcK1;hs))yfs(4$xD`|pIlfNVz6x~WF`RJiyh*Z#x; zSMBNFId`M3{xil(DUl4Tar7Y>1pR$HcP|ykVMn&^$c5;XzPR}D*aJCnw*jyQs*%Vl z;NCZ2p}X&JjGtQVT+Y!qg*;(E1)v^YSb_^AQ&F-|YqVl`$3CeplY;U(c~O z$#g{Onv@Y$k@!}dUBgp!CTz@uu8s!d8qXr~WQ<>=T&JuPDhfJi0hU&U_uYJz5dtcDj+uR=a%7I(UkK!$dpC_w zrPAfJT}FI}j)Z0$Wl*Nu`Uao=aWE#j+p^y``i7{zmKABmWaGvcFql)Pi!a492X5Rq zZ2FR-CXZ){7>Drge9M#nbSQ=JWK+4<-TF{na^Kzc{AxZpaanSqQ7Jcd*3*C5$^f{V z#N;i`q^rFTck9CRRJzypiJCsq*vB{JTczW={TwOHch@-Aw7`Es&?WkWWrM&PUrsA zj{B;vY%c_%H|u1~ggKO1q69&r85Y|%`e%f&D5mIE)T}88@FS1W#qW`m ztLvhRYp)O)7rpdbqi^X|#MjT54iYyZPZ7Y4%rJiQ#~U*nc_+zy=yHP&;B-`(vsQ85 z3b$&%Zg8i0(8R|`h9Z^mLOaSzsT9!8#Hw_ENeQ@Jc@#-ge!a01KHmG_Z+!5NxQaOq zGcPGn{p-4>YR6r>Vsrl*tfZzlo3{=p(0f>M<1!ep`%F1J zFHbVAzw5`6dd+#5z^roZQjQU}(uJ^qR5-ehq}v{&9M((i*FY zK3c`odtu$aMkPs1>pO+;AzgmXI(7WGJ)eEpqHks@;lZii#) zobV3^qi^Q*QKfhw^5E5K9v5N&wkL|0=h}WO#+Mfx`P!teN)Zj!Ko<8wzm(4K(5kVh!fgO%RE9= zvx~vKGMeU$=eUQ#2|C03!R{9^gwh49hk<0P+Y#r9r?IYB;b<4{*s|#j%1%)RQ??Ch6G|4j;GOoLi_zEM9ZlFZK764sHzHX5Jc6%Pu2yd8{~C!&pC) zwS9Q%lQDOSJj#;TJ(Wm-Z+p%LOUF+*n3Q!q;Ws(l5pk?J3BiXL`hv&C?n`p*RM8ACKnSU31~0Av@IvBA8kIVz z$g^Zz_sI%=q))vEs?99O`&r!}U0!8FNGj3skDS?iy(?NY({GI^X}a5idiVyn2)@#J zM8`fIo~KhgVMlla^-NC|2TXqExz2mi$^VtV*L0U+GT9_GYZyL>ONOiea^M}5IDO?H z!^wmgX{=CAX*RwwWrd&50NEN2UGy(` zhBIEwo@iG0`T3H!fZ2K1{%0wLU>6W3kzXTN?*aRRe9E|cE>8Es#1nDtm_#JgS9yI6 zH*YCxbWHMzd9=JjSukNZSPpa#4}3ICoA#_$c^CVZF)R7e)+%^S-%V$GZER=yg0Xxh z#P6(*m^7|udHHKUE+Ejj{&`-Hj@y)cD9n`q4Z$HChkW<0aa?6+_F-6e)V}oE+{TO( zH{;OCwHUg#+4mhc*XM?v<10AI@z5dE^j*xzD`SJhUCABQ0KL_w^Nm}}8DX&OY17(z zx9F!%!XLL2rnj2~rA*&3IiGA?Ce_DWoU1LIq#7m{o<2Bcw(@xQyJf4Mzu4q(rP}`e z)EE3q*QB%?x+T<68h`81(#f<*S$+blwM8L^AmE>qGMW0|eHk1(`dpr`S-@%V7s9l$ zBQt604aSF(75ofe3JcF}C+$H%67RR%+(9U#AD&O^ytY=yUnu)QM~i7zvsD;Ve^j8M z1LhuP=ccFr_T?evSGMI3JKSn#jKD0bJ>Pa`P=wiIpDT(l^SP^D7*IN1jV>gSNsE;b z8lfpiSC)Q17PSoF+H1-QrU}hpY1R0;K^&bUPc6H}4@=}0*RqZ+z%Wk9i5}G3`+D!Z$YZsN=^3xb&1M+do>j9rzo91Jar90*ZxMyBJznOMycrrlVqUqM@Y_N9s=sw^VtwWt zXVco9%Zf(}Wj7}|nT5}0m^FApz(rzf^TMH^01h96{Vqlh0b<+6t_+7uaH$G`+(7o+ z4m~6-CB@mlsd+?;@{9pTvwpsT5fe&59dH}7>X}y`2qf4$)_Jvr*;!xw9FQJb_p><( z&ri0McYlRg5%&$(wmQIw30Lz7FLIs@(~14fv=c~S{TXQXO3)j6<$~JE@6a0TUPib- z^j491K~WVp)JFG75ZdzF>Ri#eiO?>rGV{6npW<3;X3dvCJHNPOrXZGc9^D4txa|GP zb|04+XgkhHy(DRNcsBYSZMGq0pH@qDdU9f-W-rxh->%TYgNakA>>=OvzajhmT;uY3O0KrjCz8c^fZD(oY3$@Nv9)$9_kBx0SKw4NVy`L@jSIw5`8`ikK z8K-~HpKUmA<2UUu!w3!MxbAwUeO;GDqvO}2`kMaICAyU==rPHELs&lJPn)$JBvG$B zcJk!fbCvr5xa;L$X5>+7RsQDRpdd&HV^Dv5^N8xCMg*NZ%$fT5t-SdIgrIC!_XXoo z$gt@`3vGco z;bLT3S~?nck^CVR9f+~>BVLsm9A4>(McM_G zLk@rxk{=+q>=YT=3Bo2jsTVMH?URXR*N0a_0oPTPE=#TVxS1(M*d`AFi>t3{NO}!b zC9j9oj^mzqhvU;CE*pN&cp+XH)Og(wK6BXu=G=4_M;zD@(kvVTu#D>FHTrVyWjaffq6(3< z|IqRATXg+=5L1!Xr$Ru!8GE$erRRRDVtfv7!iuie+`qE5fMD31uD9mOj+O>V=po6* zZ7kWsk;k>p7fC?2vE<3syu+Ei;bfMXUh(pj`LE*d&o~DoK z_c1AW{MV$GXZgKGfi=H^gV(%7sM+&U5XtDUFdqzGpPi7;Msss1UZ#)_C`3S3mp{9O zgG~ppd3sbg$H(8KI|c`Fxg|fml@75DdS-pknw%h)sny-)_F(oa@i%tT53)#$xmHh0D7>nY%(#PtSNt}S1`{$MJjX!t!E_{}$d2i>9E36@J=2KSj>sDJN@i;sSn zpGE4hwYfa`okKeVoqby33&Ba9b?B{wDIIc6$^Emq2t=3#vF{{-Ga6i8h0Y>z>Ra7) zVyn;Qr$?WY$ex^qJ+rRGdFk-q5i4Q{__k zrR1(@Q=JwF*QqsSny<&OH9}W4+ucr&N%l%WhQR|&lX+0eG&~oe*wsA~u#8@$*-i4B zf2wc{2@1gtlB;l~1T}{?D=VR9^90vL+@^4h>-nwL=Y{hg53k-b%EZOT7gybGDE#pw z@%#{zx-%qox~1J&=7DJ?=`z@c<|GcJOh)o}zQi4P$whCTsYV}6j-D8h)8sHij; zbc1v^N{W@p>Xrf@g@-U3tCxjctH5Q z@RsB&KVR~qw}7iUNRLt)kAUFM`Vb1tf}}26ggoj|Pr*?%1|kB^E%upm$5*@|NiNT#F9Jf=K#|JgkzLzy=U!mo^b@oXo+h&$owk8rtv6oFj| z#PL>+P!11Vd^6PiNzKOeKx6IC_KMM zp0fl@yt5EVRc=Q7#njDw8C zfH%plG`5wBc!XK&@l25HVn3mAd+kluG$?(NBXfI_4CAfr72Uu zmL>tfh|2IbY5w8Um*|leZ@`f#YE`{m91%pT!6@}I^Yzx0qaX~qsN{Nm7FV8nbsZ_5 z+F66Y1UlcK&z@&a?}F>xU_RxLrR6x2D>yUs>0s4tSf7+Vv&MNj(lf$1^~`y6??L=~ z$1K~QnULqUZ7%<1?ms$uBX~=|r%|bO+at)?7fGN$xX(MS5a>zI4+aM+10BAEEzGRg~r0 zL#C~(jcWR~$_YOE10!q#Oy*d$pG2Pl(squ5^7X8r@>937_;+nl`cJQoDQ;&H=`C>Z z-ES^Di^JM=+>g`;hwNV1Y>lSjJzc25fA4s*Zy^5oqKrb3;*;~$aW&N&kG$6tP41ec z*sHr%NkGR`Bmulot=9-OZs;CYu|}m#%H#dO_mv41-FE*~djPNUMP?6`Y?rp7q3Gg#l|L9w3Y3zN#lK$}2wgu&yJ76} zkQZ@&zc70YGX1^GmU$r%K<1*dP%xHo_=XY-aAMLr0vGwb`N6AJK^0T*z44Fu^qri3 zjh%urjEXP~dugjksy@P-`4+DR{~F9mF^&JfO%8KqIr*b_9mer@{oR1rmKFiU8X=G} z=5Z*J$CfQ=I#<$V<55-~GEGuf{eHH>THsYg@Cbn7SMKh4BNoTZ;%j(glaq`&2p|Bt z>Aq&E0-CA-2gCe--=HC?rEl8bl|)Da(&fXGG(zxX0rT=R(FBC`hi_6MdUar6NwsBe zXGWeJ-Qli-{S}AY{c7_B3Qj>-ha>P4z1|LNm{_4wo7s0KZd%erfmA8+tI_cof+u%~ z)7;%#;Fl&d?9p3Qk%fSd!xrcsJbO<6sF6}QkJ{77e5!qzA9_*fRvq+;bI(m$+DAsN zO49RY;v2I#PT1m)Vbd@$xn!s59vh4=0Ge{n#$Lg zS^$6iyH|l-BTeq;PB7QZ*e7tKl-{9j-C|pN(7UZ<>GTQ^_GZ=wu_@RP&l-Ctz9POL zB7_ZPyr*%y7uLUk_@Q)Tc;7%{A>FOMDS?%PBOfW&`>(S;`uO+}7kuLzBVa$1!uA$3 z?n||6Oq&Un`Z;j*eC|p>&q>L6wr?HH>I1ej zugpwiIv(M?1>?kjfJ_#kLyYcAADjdgwIAszfq_4!8ZTT6-s?P|_3rl@*4y0P zjzgSo^AoDjHBrUSMMi#Eop2EldkL*|^S}MB!ZjNO-NS;!erPw8$43AMyo2{2V`uVO z`XEpO8|&|5(26k~b{fNJHpmXt?XAjG8lCgh003iotl2}|#f6~Ii%?D@q7aaE7)V40m&e9@P0gg zCZAQ<;aQ ziW&Cy62Mj&i)Ty}A@hXA39IjJsmN%c-HS&~PfC7E*nDGt z`ohRQiIndkKUZvIq`3gOvn~xkxq!==iOr0Rz&8svQqg%$?~G)~T|*VgDR>RR49wAv z`Y9qOXM&r@cye!vrqNQugvZ0w1s;;=teg&oNCl-U!XI#ALLd+YHsUPsbC{$T4S~?k zc73lNFHo)iUKwpjrbrEe2yQFx9sG%Y&(6)A2)~J;i#FdFrt{Z`sI95oSd-S4xnXFI zTK5)Q!x7A(Gq(q?}UblPppCgi$#6;Zo*b4D|P#Sk zS$fW5j|FKjlsn;Cer~P8QKN(l7GsLrjsQQ7{0?{^kl^Z1EpD1+i>v;)nk)XZ#6$)^(y5NsyMk&I3p|Eqhe^*{lqtg-+dC2o;<8= zaehdU#AWxH5?-NO^jlon&yJWiQQ+nw`Qy{LJwf#Rya~&#l7hL((B!1Kac>RPP#q$t zpTw&oc=p)=-)BQYPN_FH(yUD~cfe*eW;}*LAn8rk9`_(We*um2{+*@^jLr4h9<}1S z8B^VBhKO^|dpUv-!N*60w0A4nzVETz*fPE~_nnO7x}m?}iVyA)I4+aB&(1)i) z)5!k_VQK2*KmF7x26z{9%bd4vDA_GEmf)61uJ<&5buO%otQvV8E`lb?eD>Nrm#TYK znON&rtN$XezfEj8-%T%jz*&IdmT(sW@p2J*Ll3snec_S-;x%{>UeegeS7pEcxloq) z;T_s1xBE6Fdj{U$Z>g{F?`g4>b(+Kv*&o7NPCLaH-)|0QV0dX7-NetVAO(??J(CoatQRgOphOMHmo(9L!G;cGqvRR8rY`cl_tq=Y)g0;oKu ztE@b`$S_1pAYMV4<3*P$r&`dWLMJFGKHjBtiyk#N6WQx_`C;EHiRYi0$JhoOCs}B) zIb1Y+ym7?EB^M2~+DuDy-*zdFOM9K}mMOron~?cq%{oS@C7J}uhyfm|A^!ht4lbaH z2`In5i43=&oS*L>x7m+Bv72k+Fu%Fx={dx#9e1 zycNgOT~~H)jYMk_$fwVU8Btl~(l4m$x6iU{IUQ(;cn8gjuD;&Bm>4zt0BV&-U$e*} zwtW4f$-vjo9$W2k|KITii~C`g_UI^k*{0^flW=iIY6yavKpEi- zC3Rn_W*}mRp11hRR8vFX0Y4Rk_b_gsawLq+O3pD$qABtI-^Opx-##U1&qusaZ6@`U z>%PFHlTb?JVDF74!eif25h7$SfH5eocY9+ezmbwm0E>v9Gd4PEv|_JE(tSn(@%8I_ z&&49zGjTy(E?fB5U+#k{t#!qbJieg&v)ebV*5}qjaC;3NsK-eC@0tH@LeQ-h!F}>_ z-2rfz8YFR?e7x$sWQxILhUg7Tq(7#Rrx*X9b>jz`!xO6N?!23$6I?^D-vGm3Zd+Fx zvch)Smdc#y9AoSb&tUves^OD3f@ zkOZxaoLZ*RiMPs{|~Uf9fyqwg_AQhAPzlEuiB3w=@QC$a>v}eS6wB<1CcB5 zul?S5C6=40?!S(hYo}#4AYQ%~V6S|Vnc^9_Rq0XsjL1kS??t-E>60>U9EuT0tJv+T zIOsDcDootFaP`5zB8X9r5+N-u&(OIR594vL`77l0oBgGv$hZeREK$A279#~yOpQ@D z3vx4vq2fxgUlcE7NoipQOj71yYG=2M$jlwDhR_!u;h7ghdrEJJxM| zy-ldLuCF7|Fouwyic;9}DyK?VVBLb1>s^290Dt5g2(3T#B~bQi1Qs)AbcRoW2JZ#( zKs{xw;6icycjyWEpy;Ok#c|$`ouRs>O(e?)E|HYH2kgRZUtF~+H>#46nnIIl>+Vs# z7OZtoKe^!`MW7JcXWSGc1OzuDtIhIV<BO-V3T;n9Dy_j6x|sJ-UV4_5jgeJq zhw^XKd{xA@1{XB7N;6l^m8r^CrXg3Nm2}J+NdlhT_WaVNyxQZl!xzuP*H~d*iN8tt zZ@2yFXc%SRvyH?3R9JF z-)xcGQ$D_Go;xo*zVZ+Dji?qR6Hh8s$A9WHY4JXDyA~Q@)b;Q=IIr`U;-lr z^g$R9FY?+_(;??cX9o4We8BGb8iJ@wco(w18g8Z8qNt_*a?Blkc-!3}wUgO)H_cNI-C#N`*b3*VuqtW`b#rk<6^z01m>Kh-;mJ-T8~NHv2qrD?VgQzw8_8A!(B18^ z7t(eYGVU<^%=6V%?oyQ6-@cF5TpT7ML{An-KiE4Cc^2J+qU(dE!<}2Ut!Z{@xJFTia zS#)2Bbl6i;+5>z{;av4qkre^igMt^qpT;{+z-XS(9Y{LGnuw25r|&l$vS*aTE40kk z*#{N^Pu0yXF)?n?>BJz`c;#P5_LK?Pu>W?*b)Te}^D{(263A{kw8LiD;Tr}FVu=E= z8|Am5kIq_N;_%)Y;I48Q5Zwl_*MwOi`1vnv*X6{%_?}c_Smk1P4|}`Jn3(|C1*#8U zaQm6H${ieX3_)Aey?a}KQw1sx(A!7Xb8pd(MHYM2Mfn!~;MBB=!Wh?s_n478YybgA zw%tKkxu6S^A~7|EayB9WQicrkxHFISz?M(eg$cDDUE=|S8S?X~CCMT^6Y2=}^){{K#v>Tbp}y6$Bt#MM|U-iAJOO@em-=rXr= z8GDP)vpW4bH{Q9|$Zj~nEDUTLu^vEv=3~gXAJ8Nh7t3%)16z2>fNB_o^%Zu=ZA1jT zihxJjF%>vUq>yy}t?@l`xl)ys*CdSbRAwUIKfn4^ zfuvUXld(7ADMBJc2$LgE$BC+KItBxNt>GCfU>Q4dkK#|bxgR+=_MPNr5$i#i?l6U< z&$|W3w(ZQgZg)oh-5=y-)N&Fv2vBOy%8Aw6<&utNJRX(KV4bUXYz9iQR^coG^Y&ko zZ5H%pL*`6Whlq1+{KvlYSD!BZt^UT!$K%Mq89J3#1>&EMF?pxyg*{Y~V`J5CK2}zh z-3IZ{p-SE>3u$!H=TRcl?pD7z)PEF|j2}rBO*14Qf)6SmLKLV#L0~5&&TRE7 zl5IG_w$A2#GQ88qhKJ2T{N=*oS9*A}y1Laj3kLlxoSY1{P=P6YJX_dF(2V(kTdcA^ zl$TR56*;F^i=>>Sx;Y(5D=X;VY`PRVTnf;kvG&FMa+7qWb38YNzsE062%L>q-8_^$ zRN#142mR*X`;ikh*R0}Qgw^ENNQ$P|_@zT0RN1cdfN+a#)?^65=^sZHnSUPw;w$d?jex3w=A2A14w5FzX z;Pf?>e^_rCk0tQ))=-?af?1$yLHu5{bTVL>VH6uO{6yUt1|JK`d>zEVyRc!fq#WON zEvsq#VVfQYQbA}F&oQJe{Ac%U{ z@qMzTKnhn43xZ|H?5mfbzT3;<>C9*|F0qi=+nd1dxILv=-W`z6Qx7FjWw*IVfXHAxcH}Fnb#WB2jo73E#Ol+gm3Ocw*{<>o>V@A8Bnc zVjkrql+_dND=p;KMFa*p2}AeCfoO>Bwl`~ ze}ru+mht0OLxD$*3728)jS!FR3lJj9FSYuqe=GKp|4`<=q(+#a`xo(iYG+5f(eR^8 zS@G{II8m~ZXY%!V$z9nvs0N#Mi*rh6-RN=F9yV%(3M~?=rm6N zKbLk4Xr-{;(bevwvll2@2dIu6ee(BA%+i?Z#wM*d=U~9;atW#PzC(MU>?OTm4w4Oo z&pJPlo-O*#y>#}BLpS&C5^%p~XhCu%-le?Z=0Q1~tZTKxQU~nRifY=qdKAAhxDyQQ z_p`3sSP<1a7-xNkIBxLJR`*|AmBo+Gat#}@7Yr_eKwLk#4|i!fvxUo^!fu!} z>^+z5>~juxRl8Kbk&ti>+O@Vjwg`9sg^j26k{Z9pdf)+^l?tsSuE^E%hMLc^J-Sv_ z@~TMdk_X&>$Y>BzM0Kk|A6>A!=-zB?9r9SX0xe>aeR~__}-MbDc4>({5x0T%*fE z^TKP_>9AqfHGSAw5!%06^pMY3ApiQ2<;!AVuZJj6l0_qF;qx35~q>l(Q>`DIJYw7)b}y5DQFKyJ@eT3+?JY%s&z zZq70`lq_@w_x5jE1U@_#j08qG=5q0qu=u)&tjdwiBsRoy;Y$By_(zxG7kXJC%%;`A z&#JDxtKfbjoACBe*b}}T?2yd0GLR{l{F^X@4+$n|Oj~mOb(GHVoJ!PH+R@DEhv z|J>cFr;=bz@%yH!qEO?o?LTfIQjt=meG$RIWFz`L@%M`*h8#qxqJmM~ldknT7+aHY zoE}{@HJo~|0@Ob7^R}t~H2CFr4g=f2KW36&E#Nsd+7P?RhsZQmAE)J|l&qTg>#;KM z3;k6Jtqw_7tL>$7M9(JKr3ok7T+DsSdy;nCzHn7Pr%K19rT5?umdlQ#Ln7Ugb8OvQ zO|B3|8p3b|x_ORaMKWfinBv-cc!?N0yd$8u@KlcL6oX-`0yc@?Ir5)c1(R=^7|9d6 zl8{}lIJ2n_KbFZtGUuy*7g~I34^CLClMV$0PzG zFb>`JFwIRRq2L-DGt!q#mOb`8XGm4=U^d(YR1H%7?ZA=pU)YWhs{pVgMUVZ8s0SJz z{g7kxJo~Nw_s0+`?PJyfLy}y>1lEe2v0e^*MeSFazt#U-K_SC$$7&113KeIF-JxDs zX(;GG{qfWWBIXsaQdDR0t9?hOk<>Z(m12Hc27jWa!}2tY6;m*@Q*d6orRM*%JLUJ& z*@tK0IlSJlZ8geK>#~eRmPY>GhPq=He~6rdcft_3%3sBZnWV9&nl4v#>OolTloA@{ zfQ4NUDu@9|=hYH5F#;JE3Re)R>$D8{Nsa8$$J>GAQD+Az?O7aek%CA?kEDl=2L7>& zgqz!D@eYsOY7vHD{^^Aw|CFj);j_xiM|}`4TrmOx-Kf&YzWbE2AFH|(CygFMASRiG z9|B4qd(8iw>J{uy(43 z2#la0LUBngatWzD;TKk?D?~D;y3XdNLPEg=IIYiSH-YrlU(Meh92i&4(-q0yLyJ}c zE?0=7V#6AfAs1ttax+rX+Vx;G@Vw^>ZcmP4#hpkuu2Xo@j*!H<--3`plJBC)?gD3s z^KxwPlx?TC_ixRuH)=D!9y!&%@U5AT8x5(lXbd}k?|Qt|L)tt#CK9V1-^_O}@7bSA zQQ7xeoD3U$>F!c5dE7Asne0;PH$IT_u70^8%hoUN)%Ov~=5zH(g!7}g`$o9bHGW|` zx^ds&FsyK?t@6$fj(4=#%k*&cy4mYc#2#vCbY@HYNHo{a-|NyV zXjRn@-r_AT(7#Yu;8Y`6Nx^P)t<&pHf38`c%Ymw7yPB%v<701>H=HTK6jooOrl&2p zS#sy{^YgGNG@I7&Sa?2wcq(ayCP`NRb+hAG?c5S-t81cjxvr`}-+))yq^)g|>HQLU zrZSL=$=hO>c~Q~0$sbCCXubghd+#)^7oN&Ya}P63i_(}<`k!rz9b_7kJZUzYBJxYt z`kIAESJ`o?ZE>Arz$5mc+8N(VCMl9q%1)LqJIGt9HdWm@ZM{%Vo2_41SqMmB_5AL1 zA0o(Sol;MLw?=W)%Fj-bxf{;Xa$(0q(YWnYd}z;UYE^QrDk^O=&E${yQ;)k(Vld@( zxrM<{9gF(BL^mR)+vGWkRVT^gL8sR4egTdFS(KQD99i!Tr3B4Y$~(}FMT`vz6fVXJ z9wR0-8gXDVQ7R1m_U%WgDk%zL(sBWTc)!KRq^IHr(-Mv29iU>H+Ep6KqPy04Uq#z( zPgIRA*%Wg0{G{h^dkDyh+yZP?$C)oxb5dadT|5mX_8)KHy5LvWOPULM75rq3No#!7 zMGjcN5mL}(NQ3ean9f=p+U0#gXPJznoijJ0Dw=^n7>*6uC2h~$i1k*~3R5K-Yj10p zM6S=<{v}n}qoXAzz^+9SP_fNGLu*>aY{#_ube?^wjmz(YjYr9RKzV4^JG}4Z{nFIh z@)W+XzLmVqR8KAb7LD(xnhBMu^k@a7lX6i%!$We_r!1@~O=mMlGpaCPVgB!#HXfJS zuhTqi)Zvs_37I_BLc3#|X-!ECy9{ia@K+MFPNn_UEpQK7?SrvD>`BYznts^@8xKwt zz~0eXVBk|f*m2~-ge;@D9YNx_q`Kt0H3!A^)H@WzgeNg{r{ii#Dq@c5HB$lXSkec9 z%raW%afo%{t6gnWnab%MfDZ&B>>f1I*dO@JC05JijhH=55y1Q&eG`7I6+{fOKHRII z$3+v6DS_zQTrlgob=+To^&GawFC6w?kYr<;`gymL=<@a${iS6dR|@SzOm@&l5E-5y zhLxc`ay2ID?6Vb4=I7~9ONo7S%CDxD|3nu(EEvd#3L5UZe+FfCseBoY#QRQ=2cv`V zXtwYfvHJp6IbtAGieRUwP#*9o?U(VhIQJ}#7tr#}7v{hxVf0p}eL7Am+4mpGpPXVR zWj$|BD2jr!lxedG!SY7BeFP@8*$VrBqeN>o*CbxPGvuNIC@Jywd1ha%=;re^Ft>HL zu+3}^hp+#x6E`Y=q@O~ZU1(GRC}L9ghv^G{S! z>_B2KoOZYmPwuy%L@lNyN2P1tMM1lyVVr}fOUKeKXumt+Q3ltnvxuK5B}!-v2;v^n zZtPPahg;D>eajl>WB#5*GU4D%zanL9#NL1-{o|Yu8~e427V_LPa*$~lCiNNNQP|0HHWX( z|ATExyD$7WupkCWm*k$tJ?~1&Y&2=9tNeH6S$-{!-qt`m)~X?Vk!mZlA^l?GeTryrbECkvB$8lpB?7 z_#0}Hh4W?yP{_Z6Hv zMA0GI^*R-xX{75(yzSmt#;h69cB_iz0@9>OiR7=E^ssAnmVUv@fr*ca{X`H}%(2={ zkXyC*6V?8)jSlgU_nJk!Zk*k!X}5-|3!myF+Ww2kN=;ZKRFwnMqHV#B*Uu};x40FR zD|u(ygNC+I*9{aBHFW2yk`E|T?htVbGvV9~1u!0`t4WYSfzy+`i$b&470!WNl984! zlueoZ4C-w<3nd<(KSxpYIeV(Bzy21Wl_x*seg|=H<4KIsswF+-Gtvoh@es`B{rtF%vZsvWakCe6zAFG}QZ3Gff zz;0%-AtJbG_4HbVTMg^?iIxNAd{9X4SbuDvM+km(POjTSXLgcih}O-xH7KQ%Xjza3T21nye*~;?PKPj^{>4ZGGt(Yp9f{`h*cKV*8X9x`(nDx zo67I*|C7+m*Vgg(HHw>AN9E&fpbiRt3x{p*mbT2beWixo zY)_qt^_nR(B8nB~l z88V#0qZ1N{O5)};+vUwmY5oN_on5EL9$_){)W(B$4-MAdiRkJ&h%+?T>o>vSCo}h* zKsj6?*RIbTG=s&8bPM2X#|*2oyY=Ru4V<}Y%}b%&YnSRuiz;RcrSqypwRZ&t)R7Hb z?48+`(m-%qLE1D!@YARH^s7r$z>j00nVEwIORIA?4#K*}e}4YV=Q^P9Z7eqq0QJ=oQg$en z-JzLLsSM4F8)Ksf&A4e95J`gdVWAvs>_lebmODp!`^$gSiss9TC_0KjEpxM~KGJHk zf`G?)KL*SdHXSIDyzs^}Je&;w+jLBH$4lv7lL!$ExdGBiw{h-93Q~iTAmdb>pl{pS z-f$G%@|;s3nV5ji&_Ab5kzWzpl^)YxdxlR&^o?GemTd+?1Uq=4@aCeVa8Vj&F9su8 z&9d=rgC#r=y*}DW+)+xB*romupWUIYM-4+VYdW-zyRM)AAR(;B)W7B)zL42`-N0lq zXQ>K13J7tbs~g>SXuLPP&Gg6B@p-#3q(4v#g%tAO$a<~rMJ>_MuS6M_*}Lhm2XVhIJmM}X(tVSt}xKe1UWDJ;8^J>~#UKB{(CUz2EY z>M{GUyLg{l_rHMcVJ?%2A9I11jHPB{(p)F7i&_j?rsgj^3;lF>lyv3?ZB)lo0+;VS zw@_->VmmeZelzw%a5caWb`xYVbMDjG!M4ML*3y#%mG(q;6pv;~xXIkiSoNQ%^Q30y zRvo7WLzF)BtVp++9d%u-nN~Wc>)9POxIa|G8h+NwfwbAY)osUT_5uai!_vayPj}L+=Z#Mp8ZS@8fzy`K?s7hoiWTa>nfa*dHSzs1 z?}LmqoJ7#ycw3ii6ohz9vbi4HGx*sK@6cNl<&4&opAD}dvh;%ieAzKx2OZ=NV4wyw zwf!;on`6TT$9L6kZR@dOECPBCTM-j^=(qLf)p&uZYmZ1R(G^gU%b!pB%7G1uzuI3T zMWd#Q zJk+p;kvKT?{vng+RLDAds9uy1gM3`_xi|gRPhK}ZL)&TpgEV?Z7dTvw+sku-}+6H0!dmQC?L~ZSan7H@> zf$RApDGz8NVy=@wQ#ad1iu#8#;}9gBdA@e?H2@t!-ndiTwv`pEQ5UNIp?o_>qVfd5gvFlQ_8~I9^D%+)v1{X1 zgO6XcN^bUG#|&{R*BO4d+33{#*Y7^W=V3q`5qi ziyxUT+%^^3t4DyKu60=f)KHa{!nh;M*zQCvKf{kamE%FllH6?6DmC`n28TEBIKr&WMz zt7=vr zm)hkVo}a56crvI(I=8Kt(KKf=ionGyb&X7N^}YL6C=XiEpyXHU96D5J%jLQ1D!`RXD9u#2#oR zS-iUWoAAzI!jS67Lw$Te^jQw8f2dm`J3Q9j{kN4>+H#Lo{Hi1hk6Zlx6BYr*G(GCM zj4LD0BlO!0>Zjs|y_`+1Oj4ns7Yla1ka&LyvJt{yzI^fNOZ@FsUO-sOEJW9Mlc*Es z29K~?g}DWD^eR2FD)_{#WdLY0lXM15`1*g?_GBRin{1Y@dei-a?`x|YsFTD$Rj;8% z9>_n_!;!5vyBL5C!keLFKCD`Au(OCV<~!y;$@h+ov*BwrAx#t|UUfF&orqa_(!XXl zO#h|&dPC!czehPoSo`dk#T2~;KAI-8iZGNq6zwS6T*%`cJc+*Tgx}U)!Dg+*H%T3y zkwo8e&I;OO_G-hE19APbRnM&hgJ!#$A#xGbW84OnpypD2DHE z{Tg5|2U%Us>YcLA17*skIF=H(c?s70(s4Tab5}d;=u5t^RZUd=S)Fyk!NC5?m@BH& z1{K}1w=vB*{pLT!OB1>WPAlKXlC|9r`Rk8HSB^KEJwhGzaPhMq^n+QbxUERvefpj<3}|;-*t0t45#qa^+waUJWtrOI zw8|uhtrK78kWXNwpbVC|(wM?lAhvetN~ILILNe^H6gz-&T% zE=S0*Tpwfxzl6iilr}aJQf{~?7mNQu&Px9j(fKP2$ z6oPGisioqw9X`L%wS6RNdfnDSHa2ol*`#Vv^SK>}-jR^|uWfJd{f6acD#+#qzfi@4 zpYFaXQ5d9hY)aRpJ1xmrA8I(8GIY}L*6MzZB>F%XtH+P@N}F|^)KO6>5R~T9^?Y7I zP!US|i8yR^CULw(@ zZmd)iV_B3)tmA2|WNL}Y>4rM`sF$IF$%H$=pV_=4(XppI_uYDhLEY0C0e(4)wDWI- z6vk!1&V;Z&!V&QkAddadUlg?axKcXR)uSdxi{%aQ3zx=0Xwg9FQW0+Nm&7W^C%~&s zrdFZ}Wog(YD$!R`p`|xL=#U({G`@Mp0z^P~pzogY>vrg%$hgVKkpt-C1J z0*T)Hvxwc&*gN7Hqx3(go38ScJ1(uIlVuj>-Fx@yyz$A5r=6nxpAlmzcD^*dqP<*9 z95w7lvY3!OC4oJn zSEU#~v$(_eIi^3GVFTN5qwFWZG9DJqfUzJw*>@^9X+_O(1UrGD_ixaHE1msxOdM(y)n zx)H+_0}($vLOFEMe!{^S{ox^Xn>E6mpf4ywf$j@GTN40=_PzQZklcqATAo*9B~_m1 zdDDic=bJZiCm$M>OV`7A-foV-xCdRHTVrXxHXF6)v03yf5}pa#ZzEBBmd)Cqoud~e z#YTx$4}pZ5IysH^Cf6zufq4l7w6V&#M6OK2XC@|}eEhYFii&YC%|T5SVhciq_jqs) zm$U!O9z)gW>_y_J4T7$xe;NmO0d;#NKTio7bFB1Z*hBXHe~$hkO!xT6!j8Yn;1A8` z)VQgmcJ&Pgy$(MOw~LeJby;PmA=RmN*x$gVfY3}#^@JVC@RtP5w7fR+Kl_;I1jdPA zg1AZ732$a;R8ZGHC#jh)1KL~~%eW7!h zQroMHb)N*&0p()@LKlN>n-ZI17zNFj-RRr75-(x4?_c8W6*{QkTu|k_GN1>n@kYn_ z<%!j!jl?4BAYs~t9dYPN483)X^VL}L*DTO-@V|uQl9jh zSp5D@`=iT$ZKu}Yx#@ALczEW4I?^Z+|^)1A0%B ziIsw&1;4NZh_Mu$e!)GtxbZEfotjCW1Vz2rQo<$vJ6^G#A(Fww8xYSZPfBj}?Wb>|-$KZ7Fe_;C&_e>a>l}_7N z5{x~}Pi8OJN~UBuA1L94Qd7|0DiNs9_K{mP^qwV;>9X+S5no$MEZK&l|Ij$Dx-)mR zjSNVVsL-{u-y4nwC5}+{fOp*reTW21h>G}Y^O!SF6M^bf0RhvjED}s{3yXwQLg>mb z#k_QB<^&6>iw|)@tu9>S)+Jn)t968B5f|D{Y%$ILd&gqH>LH_CQ)Vc!!RC510 zx+%tmyFFs88FsaNRzd>}r^U;X69;CW?|3qgpJL9;2#&1@;qS|Na^W^tFkaqNFj30?h`i+3TowJG1)6 z)W-0BDNwf>8Uy;k8&AmUD7kFy-CRc8=^tkf-n0oty_k}Vsae^QAKRHJ31jI-tOrM1 zk(#<=`MiSuWz>9h(?q}Am_Bv`985|-H(sCFFni+RmG0WX;kkx?&Ulq}_gE!!NJ4KA zul(jy=7!rA;PgG(wXC0^g=R=h;kmP3HMFDqssiU)K_Rl#tfX;rQ$i(>MCVj;dGodl zHC$GFXK8~!n?Ryn;a*Cyre_2^t&S19BM+j)iL)ZWA6crLjM$S~t`7*BEY(w<)vM?Y z*|vneq~B$KZB4sh<{}!3wV%LcR|hJUlV$o^4}M%L2;x8xNLvTa;HU~OowgNRnw(H> zmAY?XwoO!<{nw`*Xe}!?amoaH*UgnRy~A<1BUwb`)Plr?f#;meDZ=(&8uo=B%OGU9 zT*)`o%>;)s<*cL6IfEJk>3XT0oyKTSsA5h+0_!K%j40`E-(P_iOh;JPbOBu6@%=xg zp6c%mR%J>9b#f0&=^T=F<6N80j#0%b`;Do&(%ogm-9KWwOXDrFCrbn(QD;(R7Bn+r zAt}AK0sj8}a-_Fb=Xd|Wn~|o&oRQ-mD-Rk6PVA`LxF4PSAY7OWFjI2d>`Dlwz2+Oc z|NV>GIWGwTf8%azw*xALq3AKvhW<2rZ@u+lCV`wD$Bcc-!L^dpVo*xtS1|tN{C|jg z>#!!@xcz^i7(>8dqBMe10!lL)B&AbY6chxd2BYiaL_xZw8wN-zIZ8l6knZk|(KTSd zYd*i{`QCphhr+?VJFe>;=lOc;aTRW9NB4}bZjH>DK{CTNnEhCm{>IHZi-Ml6320@F zXo#}ixD3fOs3O;9W)2?hWqn}x(Q{yvwfzkB=4bv3L9TL zKh|1~m%-d+=Xb)^n(YzupP)$#IeTtz880A3p?!OSoBWwi2J26RI(}|xAFl*RZZI%Z z5UWZXUMXB z_%w;_!>bS-?JWm1Li#v6yXEmPJw3fZ)X2c<75*y{w3#GyArOeJW=L^((OOc-6(69A z1#PzZ?b(cSH>VUT`rV?X0+~V*(jgC%vUHFLL>)~OlaO)?5Welsog0+s1f_W5D^R@H z#j#KgBm{$FAv}szQ|+RH-YJ4+9f85?@V;wK76ko46q7p&j6OkYk}FRCPYCYl)mB) ztHhImh(|@0qI>1tHAmO!h#`IHQ8`(iovI8MH8;iHEpP{4>;hvX1Bj3M0^Z`Em(E}z z8WipK1$TA%2&@0Qf46}iN(Fos>C?l7lP^Ij>kUx7bV2EJN&A2-(ZB~EBrPZPR`r)>vS}bxsE-K@9aV;PNH5@ zXTa|Z%)Qlk$D(mV(iQRN;m-}=VR(((>YwWF)hx_2Q)+5zB7v#n%rjJ4*!HIEtgY#3 z0@7?p>h&T*u&nCjZdlSo1t~YxWU)WM1uNmA*7L?1Bq>0=J_ei}wfNAl7KfxwP0V^l z>4#noGcX9_B*CM?k$2mi*-Su2p@6i`s*|tqDdEnprlpttzbXyN1L&=45PP+?TwPL0DB8zQ>B4oFCem=cm1W3(7^LXhrrOQQ}-rV2AFvozJ)udj5K^-|3DNmP><#kSI41Ra&~ad}{0?XmE-fnf} zB$jH-8<_D-(JH}c=9tLVXY_iS>#R5H3jc%6*y}X9^d1{g&_@|3ykt`1X!(&g{VzS? zjq=(pEolw}`;sE7Gpk|U*}n{bL`@zP8z*PPV~YvaQw?|nu^&GrDf-?fipuelH1u~R z2BxH=*fQ9xm<}JIRPJ~Cw=Bo2qe6^lIZ_zV9I#;QPHVmS=cTonhnGtr1Nj^C-Y$L> zU8Fi6#l*y9I&}<+RXF{MZ)un)gx2Xln^`#yG_l$r^IQEOD=!Co*oxT{B&Amo*qI@6zz?Se{5sqKK zv$8a#q!aAfo>4+Iug0Uf`K6(sD`nU;XOq!eN`(Bbl+S*@kyNr|FkjNHxo;hlt(2B% z2(3ahN86k%7-~w*pg}Q_+KdV4&ffo$Gx_o8hc{8`kcHXTs?{dkzzsYT=9EnW5Zd;Zy1o^==JQqwe@`()go9D}!hhzarj#M{GmJ6L3d!L77^>a#d+^UArAh_;N*5AK z%2IZgU$?VUzhVSHJ575RLe?(3?s0xvb_H_KB}sMd;_t*plhG1>?Q-vw#ONc{cXYU< zbeYVQ^3nTz+`N#%eqccl)ZIFDb{5joXcOY)U2_(prW0ovy~WnPzuFHaCx$5#SH`8lQV_7krps@R=4}I5Ujm)A#0zegpL1Pk~%f+6B)h0Rs=kL|EO>E^S?FW z-^XxxcNBVooCv>8E57qAqELj2t!6Ka=iF~tgl*$wc`_+H;*&=@=2k5z+W$83Xw-R} z-P6n0eI{&gh8wXld56H&7e2FzGLswwJBmm7Y~u_U zG9ThFxj=6u3kR+`TOO&KgOit}PK<#VPcGo1eRQ%-2-pI#d*4EAE+pnAk<&+8+KM?p ze->{^#t(yn@e)aFyEIe#D=2O-=}CJOJ3_eK<{$;|A1qxqQU$)kd|nB9BojIOPZf_k zY*J7d3U-IgeyrCL^WhxcwY#qk+(_&+rX{;gw%Kl3DOVDvcTCKnV|AQ(Mpuct8^Hq1L&otfIQ;G2P%7HtQFPOsRw%zzGkq z|G)K$08{e$ysj1dF&^zE8ch+x2O>AN*P?D+>5!O zVTAtj)kvR|0=MxtmUW9)_cM?8j#~9z7c9ok{TdY!T48M{Yyco#!0z(LASsv|A^KzF ziPlmMl7}vYm<^*sg$e7J*!FfaL3ubo zxeAhC^W0Y$+N|IuCS?yCC1(ZZ`U5sZrkX9#{p|{s5J2Hg;5s%TjKJ zj$$CU92>L0{Gjvg!M1BC|q=SR2ERsv8i-&1@AVQ^tY^>!DuXZO&*JMQtg)1e|tc72>8_v1RhDas~a* zr9W$ZWP<4EZM$kK_h&o1rX`O4m;#U-?~!z1^Z z%TJ(+fy1*$z8g@5G6*Ti%WuZki>;ksY*n+q<9(Kw+6&yh;i2j&rWe%WkM+BPI~wsSzL(H3ERTusQW}Xf)tKS@o;H|>@wqd-^l998fVTpS-oKY z|DGb@@-~53Mp0g_f6bAf9|7;(2Ig-If}9b!Ohy;}yl1%UhMNrTx_ZID4WXD;n2fqX z5qb|mS~w1Rbz19y9?!regmUOUt=OV75ka(HeLNTRJ;uUcE2FEGV{r2GW0_xpl3fgx zS|ckq!*7X|htFb0Yfw~Ml9kgNtm+mr3Mc5Fy&w(OVE2rDL1+x-85i6mN*(K?gr5#} zjBT#_I9C1hk%M#gT}zW91SU@b=l-`Jv!>z_Sl7C%rgeqnxOBahL{%(hOd!6(i(*@B zzI^WutA|Hdj&~wm02&gB=ka#<4NxR*rpH#`VHX6PfqW8Rlp$FUs$urZjUirpCfq(g5{5hUi=2aVh(yY>fnsaM3g5112 zRTP8U%frx?m6wkxNREkkr}!%bke~PA&Oxv*$QyC7<-9hK8KRzZxC2Gi-kb*BsOQzXhgn(~lz`3BOL zdwI{KQ+dwIMzeL_$g+N40Mk&(*n%eRnBa|Lu(vpal-Hx?{-g6XJm|=HyU|;J5l2NF zKQ#5K{%D+`q}wyEU&K~tMUg3^`>chwdUp8D=pf!5^U$qx_yUm0$4hn=NEvSZ-)91M zAk`D7RBF8f34x>*^zL1Gs{46M9D6S+FF0sj$f-C@uRVJU?fNgY8cH)s#MW`&NBE`5 zimS<9yl99@nizPV{nIj(Kl0}QIRl-LsHnnw`|YSC5vQSQGe2gqjyNrMshRlIVtA~_ z=2TLq!pDkrn!Z)^*lxP~#GZNle0{aR;u=jF6a)xY2Zz9-pcFJE=K1cjh6(iI479e7 zyxT=z3-NgJAL0j7oGLnRdX zefz395>ke)I{B`e1aBr~fN@sxd`D~+hQxWVteBnWKd+Tag(8t-T*a1=kS@^>{%0ZM)oNj(fuPe80vGEe@(#R%f;v~7t?to@ z+sVr2jNa9VJ=-*r{;e`cE$2)dmLE+hJ<1NHw4EHQ{HymqQL?-gV!3j4zgmq4&Y4a@!r+`x7QhnU@l944c2aJ4wrhRz@1wNoBXpA z=bGq?w!AGVpq}|@nC7b=zYV*jfnTvFNMN<{wj>B}8Lwr{RNLZ87B11w5&jOnORLrj>0}}D!+cy^Jh#77{?eDpwY=u`f%pUzv zCzXtaXvN=xL)H>-;#=6r>-4(hDFc9{^%&GRDb1Nr{+mu(uJPHgt(6N1_Wbz&$BDjH zYs!@56wWR!NOr@j-MiyI-xeJio2hqi0=^D(b!FwVm#4jb+q+wGgh(PfN4r?%zTvU) zUkZk_Db1kI@;wt`CEW>Bm>qXKb>E+ZGU90g$N|fpugF<2@b5DCC10XAY$=B)SN;a2 zbQ~dU)>g{*{<~Dt#D*A{aLXt|O#W}G^C%nO3<-oM0-1&iZV1RUMVz;N+gDb;QR9w* z=O$l{!*M_8pQRgu{=U5$%kXTj^!o+yJ-h>+D!$ZYK-yuU7u<6jsE@Oxsz_nL-e_GO zD*b}>B!;lj5i796Y9b(4r67ZPdBx!qVChIaN*S+b;#JHH>&Uv5l*;40yqd*Iz+fH=0Chz%SrIGQu~|W;ONsfO?}$A}jxA>|5W^T`9LHURxHB z-vlKdQ7|0SET3~R;OG)c_dVvNnNu1SA}OWTD*uvFq1eOtd0hxDK7c7KnKu~!xjgtC z7sFNEK&Ux^e}tsQfOXH{bOjp&c091$Q4i)4WQlFp%%j}1oF{spHg_e8*erLE(P*dx zB22})3?kDBW&pRy|RMtX96@Q%k{{wML_8{*?g~3^Y7iX2mb-3SKw_0X)rp1~tD)`&&4`B7LEt;4wAavj+q! zw4zrSN|_Zx+>ch>K-NaEB9vS8M#uaH>KoPfRrr zmrai`Aao$!W8urj#lZS`z+7ngeVL?M88uyf!8=g1NaHhrU>&7OJ>4y!C;)bQ#ZVdi zjJgzP&!)Pc?G^8tYSzLP04dXsV+gEjKZZ%(AflXuPs3K-wMUlQLEVPRI|J`kZ9da-Y()}!TS&{tSU>2IkKYZzvc)BJhp^hgxT z;Dr@fK7UU--1;fFCBUe3>b@}C$Fqp=27^kGtaLEor8&w}rsDwgqf4)_W|RQ%;WV7C z+N(;m5AY{*AlY;%n(bdlyLtmj=r1cp8k9?ictHKjVocRR)epknEMWkLKGW%l($QI#5WkUWz3l; zCz8;|;3D(%Qn95sX<7=p21L-jdDcKux9S>2^1LlUeIMBm=^pIM9cIR=s{9zXh_BDb!dmS4HJRxe+=&g?^A(8hx#A`uG#K1a8`r2Hs-={ zFS2o+nM%g3v{GLE-rO8klodXo$DV$n=wU6z^qbIF7BaWvhSNZMsHvA`fzion`bO7EhQG}Tn_bZY4WK1A-pySse5@hNm>M+04=FCf%s^tC<#5%BhxQNG2Ts&Orwb{_qvsaxm zv2ixFk4;Xm8-XR$sgA!3EM{a7-&em$?jkn&N(>May*mn&^vcSuM#J0ia^UeeKXx!{ z+8jH0rFO4{Lg~AqGgwpmJU4(Fe`tSQ_&d(I21%lXNa-RqZgrz`GBJm#VgZWDwe`(; z;e2_vI4z>j6-L~KBzG`}hrFr%)D_GdYI&6e7{HUA;{7}NeY{llzr`%4%N>Q{&6e+9 zhy-@|HLgqT_JJl^*aqm|Q z0N2AGCfi}$fPTU?4OnyZDUx_G(Hd`lRrhn2y_};A{M6v?-f(zVQHG3VykPKn8F@!7 zkCfXYE-{?{bDUn8F-z)vH|R8QM&}n|#Mbe$vhWr<<^74n!`!KotlHY+bJw2rqI%fL zi?_?RSUsph2<@IJr>oe2r?JauO^tbV@t49-nWg9JZ}1ltE!p_V@8`~-lZMsHJLvgb zs-CJw3~5)#8RGdLSB@WGI}qW*cFSGC_W&?;b9@X;BIp-kcJ0`fOvy_KKMZcz>-#IK zy1~Ht7i+r!1&qLULeSUa7s)dLp)8s(XTDGC=+hRsX2E~jt!}Wlh;P^xkraLjJe8eQ z^|`g<;ALu8A~C^W+$LZPy4yL8#Q=EP0VO8Mz1OU}lJ`nZ^2MEO899>!3FBw?xf3U9 zaXIA#(@giUtH3#C&gTQuQi7?u#iJU8*W4?0c8fTx366zePOD%J;-UTJb@>?%t1fz^ zOG!aCd*O>0sG@imWcX6Td~>E@x8bw{iC^JC`m8QX{vs9ktIf5%&HU&~kUZ9VzsUL= z-U7z7V~D=@)fgH0uS(3>%C|#66#UfUgF+?_IHJ4d7$c* zA$x@{LuKg9E*$NKN>?UiyOF^_s2^XH$wViqNGs93x7=CQl|B^Pk~U0^Br(B zUO#62U(fgY#>XT1Y7Lh#>O>igTzK95$2>j>J>@xj9RMK~lT=CU56S=~H|;i7n&;4tE`r<9vzKoxJ*ILW0m_6XIV=$FiQEI&6hd=CU9CL2!- zr`5$u_^|Hvz<5$?sgw6okC_RyrWTR2I*+xT?mB-EwAM-(-XzclH&TcON@MOi+x1Hn zG>>0hn&Q433}(`XZtm@38H^0$H~+?&ABI|H9tc|Zu@wE(L`Xe8_PNvp;cal6+K%qC zMc+v*hOn7FY?R;qSuv^KZ5!`aws+xVcaBO@@2Ogus3Ysb8DT!~f_>1D5I-7KAEu2+ z1$9$g&1LL?>1mp0LOGg@n}5`yWd?u>r<_IS8@h3zl2}GOJKd0s%K71bs!Z&cmRbO@ zNe{fYhYD6!>d!gp+ka$0ZYUJbW71ov5zjLW+arRo#ci4^QshwC zC?%0p#3puY0hy%qfG_w+v~?Q53HXXPp_VHzHsLAIfZ)b?Ga#5qw5C8>d`&sTCHAk> zXUoVyi_k_PpR`}Fa{t|+xT6>Rfwgdt&&R`_s~_D89i?Y^7l$bq@Hw0P5UI3UV>162 z!CPDGonC%las?K(;5nMJ*$I2IJAJiq*tr1r>WD-!6dj~_Tq^l|*Nr4tn&}}5wN;O& z=?bY=BA7r%TFqQ%Sxv3b_u?f~$0OCZ{?d^5%|jouBcko%Ii!jBRG&wLjdB*%ydg;H zcoHu|q~b|}1e%hV5!&HM51d7Um;vgv)AVVbjqrzwN{8p;syNQgic&nG6INDMCLFML ziSyKCH0|&C$x$d5SAn222d-6XnsT8J6AyQesF>QvlXe`+Nc}aFRJ9=Yg-0g@Tg{P~ z!9c^)_lkaQarlv;!bDNpOAYPuuZi~IaH=G)19jWJIXkz|>csK-hEG>7TEwSF^2tDq z38W>}XtcBawnNdACo0YP9K<*7emWA=TGCturTS&KF0kNEkfP`{M$M1Sa zcb&A1plpxsr&8{;XMYwomL0eUC z%O+jto%P6|Gz7&_fd*9X3x=Nv5_WfODxCd$y++$AUUH3A)kNCR(C{zM#b2@LAd5?i z8QD8G+ff?rDEn~E;@cBPB%q0Tu8C{?>(qo(I1Fz7Vro}-aF3SzOw`vsdNr>LS4$wg zO8u7)G{6$~sLKhJ+3Hh}bh~{&*p)1I!ZEa0`78hc=W0{8(RgFPcgv~G`G$<%5?t5T z^vpTJdaLG7yeNinqX*I(CA>?f)8+Kt>(>KUIbM-b9j@Xz{_4)YK0e_;0IhtAi& zmI9@y!BLf|nZATN^@wIes@cfAdWBhKHe+bMu&#-R&fisz!moyp(q|9E{ut+8R3+|! zRdLyNY(MN_3D|B7P)c!))wxsH1{otlK*MLwP!ME)tI%KSVt$T;d&sjYCLlTgWH(5s z%<~ZI!}s<@XY7z!1oy4ARLaZ~U{Vkl?0S6#BK0&Kvjr5DvUNG`Bd@M z1>aT9?1)$^Bzw*e@AN;U6?P(6kzc7+ac zPl?>c1eT~syE8+5Y6aIZ9Tl_daP`MAlA8_@AG0}1c%&??JVMtq^Sm^_w{tRwrTYH+p zZop8N9vgIjzE1yeTJn_Xp^xHWXs_e2k?Z6_VG-%Nz*!<-FBoW{XoZL}WwS}?sCe`E zLH6A9%k+!^tM?e#fLcq25m!PAk10%Z9ykj?_uzD!C+VZfC6TC*56e%?BV)X~3DJWz zQR)*|QeLELv9B)bB^0*WzA<|E-9b-R9b1ueRj~7 zpx7hz;P0B6O8(xug;^&x-L?eoZO7ysoUtFXGX&5k#gAudMMzTJRfmstQ`excnpNvt z3c~bs!mW#a`*c48c&EDhzV4pxw^fdtn;@pEDD>wi^S0+WhR1~s{`^wdh1CvI>esb; z3rbgw#(se+J*+-bOsfuUFhuW(`t8}(=hRRBP%Wt5Zag&O6q^F#aS2ZOz7H}=m*&hb z_TRa!Bb|#i*+e)Nw8;ur6>onFM|W{SchnIcZC`y{3}Ut4OxA3^?>{wJe`96UCR&uD zsOgp4b(NEF=U4btjAsB(=plAbxd0v82yrgZ3~P~NiUvkt&UJ}eyk1dV|087+@4MVJ zHxGL~&QVmRE}#4ayy9aBnvjR#{PvmLieu9c$#_9v!0uR&p3y=gA1P*@qhpL*M^6T< zt$=VMCaNU?F_l5AV_2>^UpF5TJ*8f7iEABn;%6ovQNA#&J>3J3d=)^>cvSTE_SQ6! z6Qnx8aMoYN%zHa|zD_MYtEBxxHVj9kV^cDv^{B&T75ukbI_R1G>FSC4DDxIXq6 zAyrE}{uQwu8VA^g?$b&m|M<{SmvArbe{*cspC4tEpCXq>OAj|>!{Ah^b+g!weIFxQ z+!#||>v z=nPV+{e$;Gp2q9!XK@AYP+W!&S3u|-{A^=7h31>JUCJ5?rM!cg-I;J-cjWmxzxJE& ziG5o{Po2JW`V;4+>j74!oz^u<7+UsiO4wg5NC)hi){Nq0TqBNA@@rISbp)~I9h0TP z?Z}uf{_5T{c|ZB?NMS$>x9NAaF8t1gJMf(SQ;2m<@)YXc~Iu+xJNEh4W+E_CMU) z{zS6g_Z^c9$Y_6%9H+J1P34~6kZ?t6wy^FUMt5wYYbEkvDQ*7 zp-iQ9*>q=Lu46H0&_7~=g<#N6RLoNuCC@Vawe@G%NB*$pdeVjOS8_hfB3F?vv`la8 z^Xy-M&Y*AdT0h-1K}HKj%~P$BSR2@Qwe~(C5I2#=+=f$}dK0z)niF&b4Iu7dDTr1n+%4~(PvQH}NfMH-VMZp*SbMV0Ef@5Vg6 z+`av_oIi+jO=gGS-ru`Ge~>oUoD8OfI&M->vM4{u1CQ!6IcEl~)RhoX2^*BkTajlZ zS*2p>7*Y1KtW}Dsf!gbTiq#>$b1*F_ue0OpMZ!jo-JS72yoc3?3qY@b{bug~Wt{-Z z+s<)<>Y|qY4XwjbGub%h4nA9~|NhaK>aG5Ggu6*mq+MP7gC(Y|BhS65#AOksAp^3ce^(CQcC(^h=wB@&jy2^t@JCS80dd>bJonQNM z)4V1&KZc!-@t6~w&@k4#0oT-heTu5C>L^t8dW`H|*($gKRu-+N`Llo3j=Ov4|cBR0!E+ zVRT;QR(^nuFd6)i?tSpX1qV9jx@yRb)FBeHQc!IgiKCK?MJI%-(?yKkEvOjkz>g4i zfyG~b6;4~v9T%-&sc5#xFTR3Hu1T4#$;dwOuvK@2KxorrQ+29)AW%CL@o;$Ia^RF3 zYjs;onM$KyZl(1#Dyw&%Co$F$t0`>y=GaEmpTgU9FB`H%jvmJG1lLdOkwB~-7tROf z|5T6iB#J=al;NW7hQr~BM>*zW&fcXTCSR8{S;$=dsfy}&9_!tBio^Hbzg)yJe5j## zEmse|!e+a$_VIq^L56e2o@5eDq0tdqH_~P@%F)cXy^n-^uDk&dYHCQuZc^G9gD%_q z2gcI$@70G*J%YveRD9Izl_tZ0(Eq`ILg`WtIsvI@-zaPgO;H7F%9(jr9h-G)w$|r( zA(HTc<~A6MmO_>m;>SB3lvyeaGLs-!FgfMH{?;Y9)%^Bs<)6IvYBL=q^k5kMspYNO&XgRczMTWlrr1u(07aNyC^SU0V0GFKOR1xW? z&;9~N6&H-lJIg6PB7$O+gTabP(UFR`RRS}@25OJIxv=&XQ>UvXHRLdO@$EIjlrb z!?6@DFyCVk8h9C+b5qqmJojfWXVFIIs?@^s+ul2}d{y0@2;sh?%TWABGg*^x!pg&A ze|wO)GtiJ@&U~fi<1l|!--|HUt zmwf*8;$@Ptbrj%(sj1gl&QY6fOPrgom-%NI26(@vwqP+SEIX{q6T{*+9AZ7M(h3N9L`~4~ph*@nYnVXe z#^!2i%&P-X&ZRs!)lB-LoHdq2)GoKDv*D?lpjY((jAHW#EklXrL>alYwSn8P?_kzK z?r)|qAR`awyCCQby0qs)65tF~xUH)-PWL5mq@~o>niVTMz&315byCe%N^Oj@*fx+b z__8RzXa6?|1;?MV+Qo5t{`0~RLsF`itLA;L?CqZ%?tDQ!FC%`N5dC#46{@i5%!dvM|sR(|A@C28~N(z82s3b_MwxO!Tk?Ac^yP|{a$ zhBVItf?zsv%@vmCTeGRBfJILwJvUCmW_Nw1qfpF~9lyZFVZZErW zd_%)X8Ts_O1YY+l7XKBS5CRoql6@-3SCGhtn+aW8W9Sy;6SzjwX8NJxIMj=rh- zC8VFj#e)aHqbA?V?;JZ?#V53%`chM;Qn6e69+Oho2+Tsm-az_FQqE%o$6(}CsssB% zW+6x6jvoAFy0uoZA}BFCkN58Ln79WIS1Iz>!iBVA|2V2uccIQK7yGebv_r9g&4sHhkE43r)!UfoSM%Z-gqX1I7P(=z!jrhzCO+(S1(`KTJX&LbT zh@*@s1=qHcW05214@yo;f4i;^TKU|n``p&;I#SvG-Ja49J99X{QIZqF zox-pbEXSC8NdA9X5vf`a(KC*FOB=X33=ocny+KY6&ch(Ao5q>1liK?qdd_-_SSBmRV+fRkHcooTj)^rlxqJY{xP%F_%R-t5#?`ojfH#{((no$KG&Jj;CWG$Q?x2#=oq0>kLKE%~{%z=v5-Z1i}%K&@%kcQU!$JnP$EFT9+&V`W z**MxVQbP(>)|PK`*`nfTAj9 zX8Uiy7`K%)L0lEmMbiA{6mQJ#kGJko@yF0uJ*VdEp`$ALy4 zfSoSPDJAA0gswM@8NYUDi1lV=cWzi)`SuQUvJ+&a3FCn1<{M2&`G}UsYg?N_VepGg zqE}=&+p^TeWbrN}vJqX?lAAy^@@3k*-I@C~y_#RntC$pw$UE;0f7LjrxQc=o@#RI{ z2d3Bw0VP-ECaV|XtecZ8Wm`h;-Py37C$q_~rqvhIS2Y6$Jh9p&1_XS)Eat={WVd(u zXFGDV-R$NsIYm}^6UTvBg$mKF7qb&S62Ldswk0L4DV-*BLg(4IANRuKQ)8)##LjOD zt}edrebEXt06LVLOey{9|1Z6>eZi53>jV8>09>FRn4M*2hd2y#bO*HsxTIvUEF=FBNF3Vr4FwR;Yz5DVZPag>hce-GGNiGA1r`Q#7jRV_2Q<3c zRXwJ!P)i_F3Vi%5h~tf}!)~3|Xved8jQ|E!4E^j`zcQ=*Lq(aeKr>|PL8|WrO$!HYcc(`mWb?S z?>3obeyG9v$i2rcn;VJqbdt`tYPVG!Q3a8gwF2FeWrQ)7GEH{R)T%%ILE5VK$+3mh zCnLI6kiYhGnp4P=@{jjQ0gKx)`;YU*orP|@H{!KVT|OYznygdS#D#<<3i7wlSPUrQ zIbupFxWd6+Ty)Mg+AKkH$VihCHa=p9ym0e~o4JUn7cCN`_z@B4Q zNmEDBh^6u0y|bg-a?S!OA6y@NXF36;CYh%&TMT%!fwkZK>HFWd$iNZ0EvVn&K2PN- z6>wVwa~2>tKI?i7GMHa=yU{#y68e5DB=3}&_Nwp#)vMVPTN22rsz$(Yi*l-mlK}JF z0e!dE_vr+0Dt-MN$KE<|+VBa0hhn<%}KQs37d?J zj449c#b@1@Sz?q=ur+gI&`DvpG=!ou?0wAIz)UAOOIKwWy-OVi^N%)X^w+dg~IVB$v2WlhL}{ z3oAa_7+tT;mYh7Xs?qdIMO!{lic!d(*^%I6h4mjElr2*#pLR&?Yl?}5#`%uE7HRe{ z1jKC3Z%dspZtz^+r5uxfs@N)(B*`Ko^hMj2(d~isk_zLyi;vkR=3liw=JGAyu2`n) zN?Ce!+>qhfU*hSuL$ro2{MP)n_51b?C9cLZ;<2btrDvc?%N+wDrHTZW{?N5Q2+{TX z*zYuQL?T{q`rlUYrz^gkqx_{Q#X8ZuLfG$#3gzC3OwK8k1FNTx*k#yYl2ZTOLFqQRc{jjF`0}atUq-2Ud|=$b zipnx|vn;CE5ZH_h>ZaXYY8KdxU)l!h8uZ=zOCLXgQkB%{wwJk~23@ii=xl~XQL)7H zH-S+U!VJ$r(F73IcS=n!7!pG{5eTJa3tTVW?e{-(hUwS`g5v)=aIN}&n!l=OOq6ie zT{}6-u9y~6jP4TlmX0gbpvx>&XyBYw=$(i1=4xx}2xTzBtkw?ZD63V@iZ!c5A=b&d zFNTMY&fCoW^|LE__N#!4M(5oW@bSpBdOE)v1p_Ux-@aizrJFGJ#+Q8eHQ7{B#&=C9 z&B20PP>s`)v2a!)O0)Cvu<1I7jswEz&`Ba%O$Cng_>L9)mQQz)XL`smo}3VWyA2!m=}We48o4(0ifwMNP%=&Sz`=cPVDJTH2D z+LEOMSSuT3(!$rR_@TFw#;O>da7BEZ6BlG6p;X{9C3&p#ykfxr&4It~A1?d>7?6vm zkT1m`X0y_Pj(`D=igTQ0HkH9NSmdYR0TMRaH-CojD>S5U+vLAwwVqMX=N;bv4I_K& zuWGja>3MpX<=j$|vSeUf$-V)r**6`;4Ph|nG}`Q<-sB3Nz8!V% zxop}!eO6{?Qb*^zyQ0@o?1(#qx7g3z&EcUVKU?Xj`&{uG-9vW=lGx5XNpb?cE}ju! zY}acGlRaALP$XGvapkoh*mFaR8PN9x2ct?H)L%YYA=;H}hSUYZ{nqr%Snr$S3t|s7W!`cC-#a%ygNY~RVDaonkWjCQ?DmmYhF;~3pb<)V;9eBrc{p zP(GLDn&j<2Y#I3hUz{w;huL7}vX%TeCeN0yh(0*k%XTiXjJ2BrxJ5F%5v@)t2t*S> zOGXv5{=$Wz@{?Yfd1|nH6V6KL#ow6C!##j7CY^Oh6F|}%_G7~~-*%C&JMjVdmktmV zaaP8bB#oeLd)4&dq7_gtCC)3}7K|Y9VUpdJT1AdHpWPnp%&GQB7NU!nN2x{h@#o5F z2{g*5W61zLfN>FO-P~I`jhtq<&s#cmet<&$Yo0Y870yxy_w~W`d#4XZL%G{3TrOvo5PfV4J zyaXzkcNw&bO8b_hK;~Qm)VslSYB(H0A?dWD=u`0(-{F%j?7QZxrCljkVb3Oy_qjOP zVARk-#-WQfMl54HkGhyBElBHQxFynqoGRJ)_mAhNw@uCZDXC_9YuKJe^Iz6g^A32Z zdIVG)f-d7UBHv>=z>hueEX|R7V!Pmk3W*q0{C72cTYe)0qo2*7KWtml^jHmi0VDK^ zXNB;MfrI>e)HX(ET%e`}4ykhjG%v8jBS~C2S8RFj`K`m zfD>>J9gg8wFIG}^nt7&HNz@+6n8Q#`jROv>ftb}}I z5&oZo1l@I}yM!H2B0Z9p^ySt<%RY1B0>245^lI|Q*ItHYq-!tIz z|Gnn}A9Uv4JNKS@_C9N`z1Dx137WGQxid9^WQxuzw!;r@_rDX)PITxWYisSrFJ&wM zFAUJk;h2z|C)(O}=75l9zCDFg0^1Ucu$rAQ0*LIPNcIuz*x`qqn8?J%Ly=7kS2QTmbpEkgN`be9v95F;;4%iBxHQ-8|h)9-NObKJm)7gzJpW^vI<1zkyBhbK#dAHj8$sVXnDzBOP0}m`D+UkQi8%{HU98FMp|G0 z8ymyE==%)=ibIwTNE6b{G5!^Ymb_abXx{CEfK32ekT)-0E%MEsXu2)<$KG7+k5#V} zslIfimIzR@cWgArjFf+xM)zM|6QJ~0iHJ%90(}J_Z`UVyveHAr;Y9wqFg}PqgVW5> zt4ik4eDSrynx%k5E38TN?VPmMw_b|`7*imtGPSiUhVUvtrAG=*ftv<8oIp>GJO!;% zEFBz(?3IBRPntrV=@yChEwTtIUZ5TI2`FDNBX+$G)vgk9wHCR&>~gO|mA6Fn89eRE zgLdw*DzOh8B!^B~L=t-cdcTi68Osqe)&o(dFSlWEBXA2;6;{(hxv&zHdCUQ;yuLr? zRs`ggN?KaR6U|Gm;n!h;hm0b~?g5aY<8qjHUCt`VY5}3mh7|X2>O8#xBTG0asrc77 zyP>nAA9!%KT3yiJyoTUAVWMy=B3_O1wGiLrZ{9;Iy&jd0+ZYHV8lNm~raM@dw+6V+ z2ckS5mAvb|>c2emnzOh*Rcgtew*Ix)_S?=NE(~vxWo%f|^l@YoAXHs{0Q?bJ>iiJC zQ-yprfLFxG+*LZ<;~1?H=xfd*2yRo^42q|gAf@<_W6-vV@1RNkw_DpUQ;tj}Hp5IV z^fWq%ztZ*75M5n@!Z@5}jh|?9AtkG>hcN}vPIgHO57|~Px0*|sm1R$UC__9Arcj4x z)3ZJ9gJXH*%vlKxM+zH*Ip589u6uQOwX@A&CiYTKpV0`CE2bkuSSl-vZ*CwJglSX3xsc>@E3 zUMH+qUS>50J|3<z)qeU*T4RsRLbQQhR+4m<|;1N zOt~~`MVWC~PTRjOW;<(@DmhT<|Ee9Cfb`cKt^I2TJ)wSD<6lwH$PujDh(B7&+fjgr<;c?qH2=ghvsXI2@U9&~zI5&g(iLZ8qSXu_W z&I|Y+W8S7l$*J8RxfXeWDA0e-=)6oVG8eadPIdV>>^~Mi@|&s1d$Is`$Hb*LXpzLk zyDWq8pB6d+rP_CXe&0Gg1>ZvySdM30`(mDC*442Ioka zjGB*wuP4Gh3F78x$iE6j)ueQg6cLGkpA{knQxFpd8WMra&ws;vDznMK)J2C1I2^zJmRTR znXAC-FM7MS9sA!vLwa-os`xijW01X3z*xS!wkRV5PU*fon|}t{YfN95KiIH6*lmrN z&X&cy@2wHjME#=)V(`}q5|#yy-E`)3H6~DDJ+YN?8^{xZq0nT@YJ5`^%E9lOkYzDG0|USC&ga!up& zp1IestZ{RxhavzfycwypH6r4*5uoAs$`>B?cbZ|q8Hz&=R==hSc@NWnfuQ}TTF`Z6 zsyZ4Zw>Kll2^gL8ETn@q6X0bEP2gJ>gH#ud9vjLj?AIR|V2~oo63?6-tG79P@&}L0xF;9K9`{Mzc%ZSOV>_OBe!R7F68=ZOwq(q zgbWzj%@2@jGe{2T&9U)+9*2AZ#GKDe=TLsFLCk+YZ(srgGte9qeJy~#F_=wp$6o7e z##KP94fLrI8B{$kP#}{BNewccAO~G%R92uL1lhv@UTSW|z+?~yf7KLyTRqyFJKlC{ z1@N$g`xFNpXk*#}I!8#|`skU%V}^autc>8_R@Y8!mUea;*==1z zN|3?A9n<6u3m{a^u8*=^+8&QLw6Dq+HJz8whOVa)RtWem4PO8m!GyyXI90aGPcYay zFSegu;#~ndG-C??z%bS6Fs`9V0E!_ab=z^k^@KfV9X~<6$x6UKJ0o)r;0Jz$`b?2f zVzQB+;Qbpw5la-38FA(U`tBmkmR3`R+V7DvZ}`6eN?y`TENc*lDhVw>c0cuvcfC5M zu$pnjNfBWoOQG`oV?uFl6VUj*Gh7TMVl>|0ZM~Z0+39g-z_-7c zu&swbdI?&ObMgN*-aBvnC__550wZoJ z+9{xHJh8wo5XQx8{#mva8SGs;HcLUgFDc3}8DooAQ~Z{h<1M?(6Yr^J{3sli1Ee=G zPBXw3ar;S!sq*g2;k#T7>FctkmgVL|m%plJqQmiwwa$|WexO6|Iym;pvCja}VWaEI zf#|W@=ORN!+s#T1{?XeR>d!zC&1$}w{v)V`iDjeq(}SP)IA$|x9x8It3QB#J*PT0V zp#Gev937h76sa%(_}LBA%1U4RMCPhY2TxfIUH1#f{llVJrXMV!MN+`SfgoA&;OU{6 z!9P7S&}@ueGe;6#loPHh%Cs)yFnirKio75(W$vG&!S5$a$<0sxkmu)_RpQ_#mjdT& zN8G$Kb}i7PId+l2<;7~0NCrN%X)&1oxFb+){{46%32gXqWWxGbv(&}e)cqVenLX8Z zJBSPiJ({hDzY+IiKedMs?Qe~63EG$I zwPu$X9G2vF{I{l?|5B`OV*L#aeSvbaK8c8=t1`a8O`ZnugH9r*bwFDMBF1*0PnEc* z3M4Jl01|$W4#dhP8_r&{+W%G#VxY)ZjC%)m9`z~0(8;wLGArj=LR(~ea<}Ags?EXC zks*2t;cpuUyrEsP9nhTLd;273DV*vpbg2Bn?OP{$8K4Ag0TSL)N~E)^Sa?&U_iM(J zZjo-5YFzP6Yf#O#9eX!Y8w@3{84HVvXz~nM_eG~B5l0m=u=f8a(gyL?a@UOmqQojn z1Dy!#pU0awa|b8@*gDL-sXZWDE&lrU7fJnm7%w%WLI$-ow{!Z{<|Rnyj{;t+OScBJ zN(gwx6~8TJ3~#Rk>ovVDUPC5#y(X)T&jA52+OBC%JeLe? zDEDIXLd{$loQbm!H#E4?4>PtwMn>3<2V1BAx80eSD2pivVmV0e$AO)_{m6e;Cgceg zj!+!T<;|ZNk-?9J2qlY1a7(IN6j&4&DBqN?y);^dIhchE!TAO0&+UFom73i35BbC2 z2ohADB#&rEMW%;OoYW>dzpW3lEjUC?AFkmTeM@)uq4f_Rfd{il{`h&~MS?y+3d9s| zNZoZe0f4#z=r=2QI?-Lx|92^!D^Oy7uoi*TOMmf4zZj#jvJ_@oagMdhO37s3f;P;_ z-6mpr3DbVj_`Fa^m4lapQR_=Tkl9^@wR3E1;7X&afFgkvL<@RG4t{s)-hbhCFujTO zfv(~kka$8Mv#+%r4(A?-KfF1uNm{XFHCkkCulelE>P7Ops(tPgE$6nsh_(T4qPL)! z+>~b!*(fu3MNejK>mTx6yqhr?@hHajRR5MfSih=)+U>Dob-sl>1yBV9U=8U z5FoI4eKO=ZtbIhpC+A51T<9U4CmF9o9j<%Ho`KaU-hpTq%sb>p>t-RR-bMm7Akc7> zwnpxZ%fceW;4U#N+FR&f2nmBT5V8j^!kWn7Zr^Fv{f!?Di8F?UQ}D#t=?<|GkRVXf ze-qyl!|j?A`xj%WzX0zW91p$z*u9*5!2hIP{S^T;Zl?Y$bCG&a6}vfE3iknK8`73t zf%)b;O7hLI0FJCecseB@`x9puF7Tr)p_GS5N8C+lid<{G2~AuJJK_-U^Xg}e|DIf? zGT3B8o1#g;WD{CYd9h>*JPB^Ld^zY)n8!(XLnUCfp=*nYljy&x+IhNY9|7l ze4XQ3L?OR=68lB2!9CO1JcHqZ0fp#q;TD2^7(X7m1W9?3WPvP!+BfL>Z0xl&2#mkD zCA`S#bBY?qg|48@#GpX(t+?r|4ndZhH*YyR6YG!?@=E2c(v!AV!(c@NagX&K{2OX0 zKn4FLBQk`jO1n}A@Z?(FP5s9p4{w-jZKn0A25?pd$cCtzKvOE4hi@l{P(;721IqZqqnDtz5np z0cuxdcogey_tfGfNbD5{a%N2~KTR}U^(LP2@|hidoetII`z@Bx2~R>8ZXVwd6AN`Zb`is?a*wm& zH^-Q05{1Qs(GNp`6L>g<^cW8PHpo+lH8E^RG6t8(SY9Pnntef))SHSSRMM>Z6VthB z^2V4H!ZN5vjec`LZ;_Mx01*Lz63AHa*>6^I4oP7=hgiim1Ei{nGRf<`I-(i|!ZHuH z1MXIM#Dh7fM~Wzk8d)p~cmmE=zn2z%#IR1tejhWgQ|M%(;2y3wZA?d1*HDF||Gvs- z@_MLr@o!(@{QxN^(tC3k!TA*o2yv%CRN%9opLbR;1lV_?c8GhOW5Z`V-QwpFkJZx^ zK0OZlE#C@4$Q%B_XYj@g##IBL+~VYTu!qK1Vcr%pBPXHJ1V|#gE0c4D_DGG9kMOI= zs(c6`t2&{O57>$ke+*Bqii(QzwSv6Ni#tx6ZGyZEHK2v0)@!X=$+}0Vql5iP?);bf zXzfWED@p-Unxq3sY|@%dnIloyt+UWj@@}gB?xQBl%Tclv_w!<*F<_f zqTzI@sGW$JeYfM}s@SPWIQq+R(rU`DT6^tN47iA64tZ;+I93qpTRLNw*&uYka$K%? zn9N4ZIPTW_dfOhX2UX0s3qG(}cEvcDXb>4ZJNWtWmgytMTj{}XeCUiv zh8iKmz0R+k4jXn}e@$qz+vsxt^SkDqs_F_4eG^q@VSdl2Z*uRKKgo}ET_Mg7(~cd+ zwFyp8{sLT9m5=G2%H8IRW3NYl8b4^Wx*fSYyIe^263D-pRLD%7p7X4`(sP_JsPH%| zct2ffCY#9W<&whVc`ml)=x>n_-e(%2`hAV0 z`t+Rkh{d9@hpRcjAh~Aa^7$op5IZrNmM^s;JU(jgERh~14jZJMksUujm~lNdX-XBD zCdure`Aa%y*Izi%(F`Ys>$;^lB!sd|{kD*wQB;|pe01i1P~=sxE|tHtPa6)ix{Ufj zPfjUw#tE9S?G79Dz~CCKB{1>&bd>hNfp*9? z=7?*JQ*X0=HCZr!+i&3V_O|43V@b8QvJUWauC8JQzc{b=@89aL$;n5J5mQEF#A96v z(^gFtrxYjB!vak3)j-NA5*NO0WoD(o#~_uYRVYqXVsxwET(+%Iov*J}KWb!o^2Mxs zYICbJY*QW1o7mhOZRc6+*r=j(SKH(yPxloUyNap0obL8BAypH1^p3QEuZ_p7#~pF) zdHhs&9#k(ma8xf9t1xj87LRpk<~n*DUQI1Kx;UMqzWEf$qqx+W)E`HnXy07&z9V;{ zWWDdxSEq_-SPF$v*fqJpD}57cD6x89M{pN z<}nMEm7mXIRzP__!0swn4N8x%`^{?C&3^i8NBHbEG3kc_Wq$}%h{0RmPvCGnUhdqQ zd#mxMw$*y$2M@MwOREWkW#SiNHln18(?pdPoLK28XY2A_SthX4%lT%4*-FHWOCaci z?VI8>J1IWfxZIgxdrfgc!Oy7}k#tr!j8NChuAYw)VONaE@O{ENWD&_vTPVjQa2p$H z!nc%6Ws)oygUXJ_e^AlsOQ>z>mE0bD_SeZap`}nBiZy8+PuWqt_kKM0Q_LWOiP4)F zXc@U$K4_3zGg>=&A9@pOg!W7Xy^mszy&`1J9+k_}no}u6qDt&|J}OW?!>PdgmF2-^ zlk~AX`K`jk2>ZEF^p_E7J9hCM3TIdLKN4vNgq;uEIYWT}JR2y=JLMfNHEGrRk0x4X>X^ z2pp6FFr}8#a?)EQggtZg+OfUGf}sz@1~J=DPk5ghsRv~Yo2NbsEw|9q%b4H!Q4Q{r%C4q=tzVH_eh;up3f4BqEgWamD>6af|8M z-HlYc!^_V8YLA0VIZ~DwQFc(Hq;qAi!f8%^4V>yP625$j0Ue5!uS=8-Q?)YU579g&VK6bo@ZX_Q%X(rIEv_z_bf_o3lqV zhsIRz6xT{dgtg0cSxp5Mh7972rkoB3BN~e;i@LU1ip~mB2SG$oo@SLsM*36^rlG`? zl;hf`In;`6@t1@1xuI_?!kRNzXb0N$H)#;{Ap*CB2qW6lG`Y7uBSy#7Bl+j-8^}Es zP>yzYsZoMZOKC7xe$HC2{ycG65gVDyn2MzGNgw?}hq<-rZ3$o{`dui%Q>N#+9#ZoEECTIa2Vx9BRd`c+$M(Q;Oik~1vMMt zZ56nTP&MO|)VG*K7x@n?sb5Y55q`~vvqB4#iX|EP^`|_}yJ8k~mW`8M?uTvzcVGB5 zlXzJ1ahRM{Sv3{ZUL=@S-G2OIpnt$YFO3CV!B?=g@EF9T14?r3q7KIVw_?pO2d$U; zq~C>p7S4I}0sUjM(X&(iH9I+YYv^xBQAyK4mr}8t~!YLFoSv_avV@? zyA25lYzuF_2=H2c(oWQAe{Pg4N<0h?yjd{^2U0^>^SI_ndC#iaK$P<6tulUTk ze0JWGx{kG#XsnIDFrlIld-hT8nZrb7`P5U*h$vjz%(KD^qoPLF5x&0>V;P$>7wU@k zSHtFRQ`-&8F}g+Dn08(g(T-N%&T6JGzoVYQ{81nZ=9b>Vy03poH@~mU{adSJ4=45A z^~3W#{=#7vkhgk)h_a}Z`86}sVoP&~suw^J1QniGG)t0@2)Hfy8_Q1rl8v4?mfTY< zC+LR-=ff~zKKf@=#M*X&biCw;7<9}TGlE-x>F~s}@S^L^bbj9U?95Lo!kZ}jOLN$l zmS|O2G2h-Sp+9E6#KniGwZxc zwU0)uzT(pzU$uQ6tG<+DRy%C|*VesvSKZ|OhsnHdk%e>->u$1ha46Sl8APUUZWY_5 zx2MBC^#r%IB*sy3YGoehTp}!@_S7MkY+U97BQLn0J^SgduE1$7wwqH&DhqLa#B4~z z8J7W(iu4th7Dn}mgjIaxr_C8Nh*b_u9>t{>^M6??q#ZU>9F=7O66>*n@E5LkT6aRB zSR-E~eC~~(>_3<74k&OMFH9Z_&~jsuh$ui)Rx#=8PNSRAZ;OL7VC*6_ye~|XnOFD{$k8W_ z-@d5Vw4?!BE#&YXn+)Hc!gM*?u6oEqHRD8I`S^vmGa=~q^~{ZPwX__2Je!!5L^m?< zZD!Z+Np+=oaz+N-=zgocySlh#j&KuNNY0rW+lS2K3Fr$TCdiCQ#c)?!wkH^W<)?Y^ z0xjz9MOV0RDD~T?lNZ5T%3Cb6vZ!mf9mIpNVS4E!pqN_55k^uRT0pcXd;l0V!bX}s(m0a&(Vu?J`sQ`k5hDKZ*92QpP@7me#&bwc2 zyR+u5O$qeK$jDT5JLojwU7dzF&FT~(K*IIx?CdtNX5J4wbMwywqSzx@!p#Be>yuhx zqI?(@+`>&(+V5Mj54$%P{PSPXn=4kr>@MG3#tl1{bx#z3xQHLs-+2q^3ZQK7kX-lt ze9un*n8-!098*heH;DSJ*~|}JofYxe3;w_`ncLyASLZ^laav(dH^Qq!^w@)M0(g>!BvJwbC{`$_2k|u|ZT}1KXZ@$y5LC2g{#c1YB-1D7RMK04tpTgrd z0^J@xCyEb-US{1MT0hC^xcs7)jkdY?;jQf$sgISntPw@c{-Wxp||7tep_wK zv##31Nkd+>4vzL_i5Ojh8uCNjLkv-kKFaj78%nOCV3SStmca%6D^q*EZtRtac9nDa z-sPPHc9q{Ip#rZ-O+yQ}m)|f%SBWRQvI%jKYPku zjy`UQFA{6=;&lAUVLkOU4*#0N>om+!M|@}F&tN;WYT+HkQ=&+@BF2T)nMf+Xzj$zv z$VFLpROJhEf?C(6HNNPLXtpr(#F6IO$#_XFRwAZQ+A zQ7l9FhP|EnoM!cKsRZtk^OpGF%AjO!Ph0KRQm37@pfXESjgSQIG>Oqtxnh}$8 z<|mvNIs1x&26D^+^?kuWfc3Zq_d%rw~R)c4|7Vv zlC?c`0-t(`O(y-AwUnx)4vXR)Aq^ch|CQf7Uc$v072dWzp~ONU*ajPcl->p*Y8cKP zYzcU(^bM=pQ$NCz=Unhs2mJrNt1hV*Kc{r_J$mH@FJ5g-Ydef;BJYQ*E&wh6h>4G` z_Q^UG*!hLDsIV1$n)|9}ee$9$9-i5uMaY6x+BU}Yr(z+{@)q^h;Btk_r(AZGjh>CyP9MfEdAY+zQI?$%|UnIR5sdEa8H)A=hmOr z9M5XM2lK`BEIxutaB!emv-|JapGwyVI$=8MSGK|s?J!8HlS-${>48g;wN*uqkh0`0 z`hiGRrc;Xhj2uKdb?7Nf5S@Zuzp>nKN$3m0hH7QWT|tl2t?$Gtb?76!Ca<31mi32= z-VTVG*)!@e_*SDGF|ub2uMHLvv>NG>D&m1B5=cq}tf_oP>j{RB7NkbCr{Ta)S26EL z-2d|aPN5^I!Y1OI4VD;<^=G}KHdc5jwH}?&fiU7p)tddM;|5gmQ|iB2vEgy8fnI~V zX~kLZkSo%R=a~ft{O*|I2FL_*J%hZyF_ubFT?h}qb7gkis&2(5dB<@;d~`Nct+<-S zK20%}7F?)*^FlRbT`2O>Xj$t%_Z}7B#e&otR6uzwa`bxR?-qG~64_X^!4{x@)L!3h zUa~qfQ-7SeVVL$!bEd{*xLw2_Hd3*2e!|GwGic(OV;pC#=yM`I-um7=-}5UD|Afs% z*Zjv?KH~;)=F*+^#GE-2y?{kMxvl)sJ7hI_f)|Yk{7X--(tV}KoWKTh)TVmgW7`lv za$eD~7_Wp2)Ib^7ucSUDm{BD@R?ozJ-VFH=uJU#C$6#Jjqv{3Msi*}!Hd9XSjoo@y zZxV3FeEjSpxdqhzuFxj*mO?LxY+YYegD)eCqAF)jzZT2{o!U+Bx-sUkzsY7m$_{sz5x%6de?NA;aA zWr8{t=9h$3G0CI2$>fSD^rNjVp=AKqt(GFqYtr)ZsVi{wmUPq}9AwZ1j(>LZKa_D| z<>ikBMrc6vwkxJ%&ROaVdxo#r`ovlALJx4T= zA8?y#67|^S8VtWy^WZ+JY%Y0J+b=ErucQMJO3uO~&lQsQSEEQH^nRyHGH_o;=AGT? z!6XsM#3ZU*(%P6eL-V{J4pnboUlGGWYHDjwk5*wTE?7rgjtw3joaUfz3=ZCf=H4{{ ziW+?DF0_{T)(`D`+INEq=z9ZjHtTDsBiQMac^%%jX|u)=L6wZLEdNSX^=~E`S2e(o&*Mor=%)(xg*068ve*i7eiyReGM-B))D?`%Lt91Lo@b5x zXiKl`Sd2EvQe$W~{0=(Lu!b)o`~|F;#PX5K7%3-7D^Mm7WXSticu$1yGaT1GX zaN?u$fy%XG{hFqPVv7-vU?`!9_VL`+n=&Ph2vjq@=@F;{CiZ6g0e~eRva4jS=2Qx9 zt!@KY@}^b>D2Ho+q??xkZ!v9P$z#w)&p-XBEWS)=mrh_lzmOiv!k)mT`?kGZqJf3E zpx8gj)pJ$6PLD2(55}Pz5zFr?phuVgxjnHx`HBo7Sfv3ATy%mZaJUS1@kABhb?E1vK@KL2DMt(rA2*dwx@|dog?#yg<{h?FoW!%Y zHJPi`8+6A& zI0DfX(0w>TiA)I_a6aeCMC|A~J1_SQQ1_UIZful!T`kRav6LD02R7{MX(x%LJ>^#` zs@pNOx(^>$)Ai_eyQ6`FX))~>=ECrMJ?BTfT)Lb%)y3M`tGsfHjR#rV4kqM80m=i2 zA(^W9y*(Sdb7y;_Y@Lh7n?)TcZ0qxp4=!LqR0BnD3kX&7s^ug@$AcBnR1=^DMD_|% z2QxG7hbO#ArzhW+LATK+QNa78+RpNOoTb|2=av$m5A_^Q7C`r)VI5_K5}OAox;}sQ zEIM?DX}c#FN){GYpeOh9ds$M%ujSy%6)^``cWdH=+=SGAy02%wV4JBOU#%&N`8$e` z6|sh<k6`Wg=XGqrDMOI4x){8k^?h8zdJBncb&lH~?+7vA6I5Et=!L53 zxb$kduD4|?w}`-O%EJH#81X1#WPN3KflgLC^q~4X!E1FcrdU)KKF5P>&2UuijgN;1 z!-M^0^A}2L-(q!4FX0mYUB8c}tqRa*hRl`KbGm>JJnO4EpzwlO75XVFQcK0?sSHZ< z|98LOz+@rC)dY}t2NVkk!}4-m;k7nJ^Au~GM0lGu-;^J>C2>-uq5jTiihcaVKa9{) zL6HM}bPZk8xZp%+iLI9+ebt$=#j7W{GxSSOFz>sDCHcqAg1!=KS&r>#D?fou+A8gN ztkW;%n3ohka;BXh_AzL9psX`Srs0d_nRgI7_y=oN)%O1c%7f*t0lY&BRiqXMI_plU zxI$3bikD3!)BHJV$c?>u6(zY;nZ^k`#Iq?@Ye*wbwtqd-;w2QL&1x8?(<$FnH)iSd zjb!I00|F?R-*3Egcsc}n3zBN5ahr!>zSw170-6_f+m%wse$f9t$W2tbQ$S9>8Tt7& z?~q44>T9B)P0u3TrkHfogG5xW4T0=Wee@*@P5DZaU&`&$b=<(3PE^nr44fLe4ic-2 zi{p6zeml!Qlfxouc;BJ-*e>1l`JnW|8TM^*2P#F4uy7%!{D)s*Y(;)%X zZF9}MsyAJT-dUZ9GS5Qo2+O>b+_PlRRO#Fo47YUSuL z-O|P;w9b38fVTX{``Bp@$o3l@xHJhIILR-1!E&^%fCbABA~k|E{a?+>{qY<{g7;j` zd=9Oi`>A=%9OT)pX6x7Sp1y1+r#FbD zG5=7n;NzfWbg!5G``2#T6){5bMAK16o z*JtJwiZ%KW7D*CMFnYqegLr)zvyFT7*pcLJ?MGW(>!F6fyQu%D1mHB(x>&>ztVIqz zhbPR;_o-QliHT+JzGhmUki!#-$vJaUd`eF%AHr{iPbMVr`6Ze?>&8?YoisYb}X37K=gOCCaT!rX0%Tvr(^13`W(Sdt&RPZ-7CkIF_?C^SdP9+L>gcqYd zlh#WFLC>v!m{$2X8)ShWMGeOe4)Q_m+i(Fp?@%LSoT3G{Gu<Z>b0ZeDWJAu__C=l zm@IH}OqP`T@u>wfsvZC?glc#1{$q<>|GGDkiIim2dbc3_-_mQq>h2=h`>m6#fn8A0 zsxK*FC(qljI{?<+KBm&KK-x@q@WEFCnLhiBc>YWb%3nL?Q8ZA{HY5#PtMH@>^#-y- z5;Z6pW4u5T=D#7t`p}7c$S9T5UhFRx#PzYdAwO?z`{$SSoCXeGx`|jPQZw3>JJ%yb z!-V}K*fB=oKJ#~LeS9}0dV<%``RF&wi;Im<8=_g*Y$<65gmJ(-6GgZ0lf_XW}?~Yzu?35Kh9Q{B@4B)!`2xH zDv5j8dqx6BBTaL=zLg}bI`jXX7i`0XZ38m`vKWaW-aREgfz8drtOr6q^s2tT8%JxM zr$=k2A0mpCI1PUb6h-#npgg13&l>46wz2WyDZ%+DYEQPWPsxtZHN4WZ0%&QDy>=Lx zr5@J*cPH2Q13c!*yCf&WvlP3*mgZP5lH~Ov>^dg=iG6DhvdjR&h zF)oZM<!t~t7Q7#YJV`@=u_@jklg-B7e!&g-r#uh+vh~0 zo3h%)O7(e+cX)5e^w(F>iFquQN%4gcQY(obhm9?xm_^yFfpHG9?sE(iXIl@8b zE>Yz7%@F8|i*)%GJeNgc%Z+*{ms*{&-z-VKHlHN`d}HeZ35%*Vj`v!y$KAvS!RzHv zPas=7KjkPqlq>KERL=bQjt(4b23gZ}EDQ`XK%!%V;87m=0Vb(Nb7HkCOYK_A>-&M6 z_KO%O+wM6ffHR^m(35NVAyjKe{e{B@vronyYWorGdQHYVwSd?>5b+o7ACpSxXst{} z-~iK`S(&Crj_HRA&50>d(PkO*)qeg-K=;MGXs)V#frva*z^&EsC4L+M)mUQ>hkaC zBf^%#4ox3L_2fQ$$pYjQ1?{lYcg(fd8_OjAb(j-3s=#Z)f(XBck%u!zvmWexfg z%Wz445_aM<3!R?uwTsXXVYQ)6xZb!MD^$*)1?aLmBqK@b-{Tn2?xH%alcZhF$%G8> zRaOsUP^x%OhM~=#NYakiw5OZ(Vs89R?XOmuUrl+b)BNp%vS1LQY*!G%(Y@^2To=Mo z2YZh-gwRA!gp%b}*Xri}a9L`1(BZn@v^i+6)~=_rPyv5*;kiYsLV}er?4l?d~+Ou{&ec<#RSjN1UNqd3r_(en)|5e>vzNvMNTd zsBhn4U@Qt&BOHXWAgOiHAzBQaB^sO7KRsVT*7(VtBPSk)a+VK0|9RU&q4yRIO{r>#VF#KwD5 zy>#XX>6Nzgw}Se|Q6CxZv`D}sM;?lNqJco*=|{abTU15J2kU+G@ZwFIfG}i@Rk|&i zLXQlha0^uMX1n4Xv=M(I140Nk(L=C~dvf)GzhIa==60995Qe(H9bK-`l&I z9n(fEFqBs5c93k`8y__lwfG5lH`LkluW{$AS06bDHO*d(VJDTz7Lmxv5Vh;Yn%tSv zH}%DNtoE5F%4R|v#E*>eVpptzqVdtc!{hn4Y%|#V{gNhi$PG1vW~_C5!&nR z@9)s*7pOV1HdKOiVv@TK++AsVQaPsByMNDJXmuU20(h7jcj*zqs`AAXQ&es;vu7&P zw{Kr`IhqzXV?cA&)Fu**Me%xqFT!|A+-C4ot5F_=HGAeXR0==(P-dWDU~6a?5!Qz+F=X9}tDvWa{UgU}Xwh{y^%V{Z=lX&`44vCW);Vk@v`&uZ=tKG;*F` z-5vFDW1QW3a)E1Kit?bue~go`lbe~6oTZeWNNK-H%Bm)*^8q)#Da9iX9q)5Jxth+jY@1+lYwHWYExpLy(}P3VtTA z&8Bd<-5HpPTgoJ$76tJNL=h@k?;No?7ZF00G_iT01X;t=Lm$@L|ZG&ER1848a;an=I}a}iA}V~9Z0FLI7Ir)?Ate^-dYC&42Xi3 z^x1DL@`{MvyMW50Y5%0Tze438*JCT5O2u586}3P&z_3zbIDlkk-!sPt)l>{K>SqAV ze6RxN!TPh1;^8ub0)eCRy|qBHmmfmrdxCqtl&5$G!v&q>9#F(l+R-jPXkc|{l{#u* zuv_?5?L(V1PMVK-8Al%V@gfK=E-orjL#6W#oARlNgG~IQZ*K0JA{;s^5fn(?!c0x> z&v%a=wcqicy$>e&&P>>jm;|VtpGqpB+~Mo-IUm3bd;WY7v6ubLsJ^Lff*uRfmPuW6 znHD&AmRd%F7WdB7doblJlg+v5DmB&r6yRVGF%%O7bSQVb-`x*nLCm z8fOjV$6hJ=SsR!#A-H4H_#eDx@gAWAD(kx%{AMgZ+_rG8D|eHV3K@ga-yc4b2CCoZ zqsQ%_nDga{;<=kg&+^f56wT*wPmSu+vPiF=&CFX}5A(5A$@T}lK7Pc97(R5VIDkR! z<;nX8*i9;sJP0?2Le|RJK_5(WD7@r$D%V*4eNH>O!L}R#qFI_6P9gF*coqnTn z1QkWkxhqu-0D(+Zl&f$8n{XMe@Er-E%8wEBR2Mo3A{0m) zAkxHE-x1Fhy3B;r=k%?fYT`m7tv2Kmcc_I3FdmCWA>$Yr-rQnLuE0nVdE`2KF=Zkr z`oTa&WDokbLRCFL26AWd%%{qmAzNMfOlAk} z<1FKIw)Nv^-seM}H2_f|T;12>}dY#ya&0A%S)mIZPP?umV$g>+0(<^yod z2x5olY=H?d4FDW?J|9sFoxXJg_uTJD;lKW2YOVb~QC|t<{L7d@X`b)ogjHBxoc=~d zQ+&Fft8COWbWa>Ci_QRdcyIgX)pz_qfLQycE~W*8I&_HQLTAat)3X@@2@%F5mxg{c z(?ykR#{Bcdf(x4{KZV;S{=x?mNe9kra@1{upUT~pVr6?S4pGeccYlT1?bnfu@%!Vn zr`)CTl7(tf!enJ-mzb}Ihs(fesfp4|lDR>x^!xJb0qbV;O&o9Yp+Ur_T8i6g_7Db) zi-MGFyCkSG%I`UJ5_757hK2a)mwlRATI>*SbF*b?Aux%QE_x&E|Gpsf4junTDKn=A zRcl8oGD$=irUQ>sU@*Iiq4i1+4^##P!m(`I#z%Gu@XYKT`}AY11Wt>2hVMe{S?ji$ z;}D{>nC^P6Ti*3bB%j#R_R6&tA%-a}%O-e`v)^1SaSi?FTu8Q2C$+iGr!2D$-{gU~w=aH&3TO=lzWVgZsNQ$5 z{D3A#j)_~h?0vPX1^`x&h=3>|Bt&B052|!nD+nsis^9p?IbTk{!4pD+g@-%CnWIBu z4^FKYf37bJ(R2htyk97Ipa1SE%XKs@)C6@CCIuk^0)tsIp{X75%CnjlNwe|rguOjQ zG{_nYdRTULcHXzIF#?Gz)ItRVOD_ZeLwdH2XRC5NYNjM*jDGK=zvReZ$CsL0{v=>H zReyqNw=wc{M6$K)fKP3lE@@-)@m@0#gwPxMOQo}T=tSGjmv;lGbNpHL#paA7pqG1y zG3?M#YpCVC;EK8iiL_x-7;P3EB86!$`QL*Oe)1KK=Cpsn>6|%!w?Tp-wefu~R z{pTUokUK3o`{I0XR$$4Tp^xDohLw(bl6f3N)(V9^RJ=O^P~!TQ*AA@!R0_S61H26L z4UyLkUYbqG<94ZQQ@3HkN9g@MJ+AbFm=8|R88sgAONH+8?t;yb8}6A>)F%==VjC`7d{#0>4({>TxDPo zy*f2Zl`~EvI56RQi~|u`1+Vj{q|ePN2{e$lp7;Dey8Z*6>i_*8$B$h{Xc%ROBC;Yg z9I}h7C|gv>3J2LEWF4cdgk$fStYd_dviCe@I2?Pg!|!qG^?JQO-`oH8f81`4ah{&% z`B>NEy6)Hgx~@M9o3`kp^slP2GR=}USQ@*>2VlMT^)aTe-8_OKuTrxP93NLGHRz=+ zCkidrZCq*si$21|UvV}#LPYBmbmtllmyJx5Q?imwBY>2v__Sc{H?{ICO5Jyulkh1y zV5v#>UUc-vN7Ssio3{?*!C_YD@fFk`X!1G;SUb#VPLE(1PK0AyZ-Jx(nd$q43?hZQ z{soXwrSGc$O!S&E5DRs3Lw8>()*(JZe7pLwYrtu;D?B_jwJBng$v#Vjkr@NMg^%W0>fg3*o25z%nxjldKh zKp@pR-;irJpqCte>mWz)^BVeiP`uxzdw`{v`^B(Fr$(a|VP_dK-%mYL1C=O&;|1_xzI-(f4{&vVQP}Gkn*jzLDT@yV z1G6rYq1jC>ns>J4zW-d9{g2#3|g5kxf74JJ7{qm?@ zbGolcjn7!I6TS5Lba-?3bXZM2IK!MDOni^{gEO~p7f#3KN!wBvaDgs9Y-Ie)eE9}K z1%tqnlB8h_k604cM->|KC1qvZY4m|$(m?$f_mc0LI=AB%FuNbSA6FoOiATHyx9HD~ zFz#Kdani0kBl7)JcAc>HF`;q`n#z(&E|U)fW%)9`dl?di*z3$|ucm}l01Et+0$sDq_3vn_m(HW8ZGY%u09dWrlkP#j#` z)o!e#qk|p-tF%(emY|P_jNICn^sOWYk4SWpmyhppqi)?sbOV{Mw}_As9YgB?_T>bD zcTf;%!TPAG@mJ+k+3gfw6c=8?Vu(a^IFyKz!z&FnsTewS9(8-Q%QWt)0&lFop7dsI z;%TeNM^(7A)R`#DU98M0%Y`WZUkat&0_1oOppr09ox!SFjVZH3i-9fN#^tXF(G4@! zR#bE|B7i(Fnw}+8a+gtz|9RpVsjLcel);9XJVw_)-D#M#i1DX=iWWf{nRhuIJz;gI zuzD~Dr%&zYA0|?LEo^Kf%F#-3G{~R2je55$RF5!pxj%x&maXc2baDSal=;>} zYPzqI2cV_erbl*qF7mwCY};16ff<`mFR8U* zGD1W-xyZ2LPlsRc!mW92@S+2mOMQ=?f#EKmQ37CHIsUi8z*&M~gp}5jl05)ZR8nv6 zy?yhuRlnl;-2|{S@ePI;<+~{3Jwml_(doy3Fh0DV%&l>O-W*E2iZ<(zIcZDaZTDjh zd^fRKwZyx-&55|{!XN1m z$Ub5AH){W)Qs4$VJ9P_@?_HV3iwt7)EG$J0c9ehoiS;jE5gt6GhV(p!Za-u$^0AjZ zZxk2(q1oh26X!WpNn!Z|FYss}4yoO1Pjohv3E1EqnqM(hrAA8@|6!rr_*_sL2hTWZ1}-W%lGS7B>|5aku0c$4!L!e!x448 zMwShJ&-zK%dET1qHzgR;rreAgD(Sz8sZO86nJs-uO&VR7{v8-r=XIM##?)fJvO2!= zY}lXdT(5ATVowvz>$ZD+ub|7~zu9TrU9r_X+@4RRpb?GJh#c3?6ZQ_=C7EyjRUuM5gk*Ix< z>|>nC(GPagwuXh+JBEhW$P$`)_if8|wJU*z*6k-Fo891vPp5Bq5qc=v2lU)>-Ym%eX zb@-SK098(o`1O(M)oS?4-F7r0d}_4K_D#jX_I=Ve>E%10{l97k z?V1xf<;ersC5ma@ajQ<7d(#E_-#oNc2pjn~?3&t##tfplmKOWw&%Ie7eM^1f)F`t= z95SKK3q4=m4kkkMUFJBMBr^fdqF*I$ce?KSs|u_ zH{hb>)JGv$;R^ab7hSF33}d({q3$n=%XvfrfIaa2=g zhO?MlDp17&h}Wb-<>77YG~jKTt{$h3(y47qXCf2K=6K*%v6j z%iN%&!|M{YFU`zu?YUpx#t%o&Qx%_=yu9Dfl1U+4w9>FOmX%i|)3bL8n1)qdSxFGJ zqw|<(s%#V8uw@5`dmcI z!6Pbbvr0M0of&<3@0v0f9^a zK{6~XE}ECHT)QTMA3NW!YxJRKlCQi|C^3*8{$KN|vt&P1$ja|mj!u;{^mP(LO0CD1 ztdU|$Y8nVBEftqTd^ zE%!kYNy*eFJ+Qx_IufrexxC|dXW9IK!cVuo?ab0Gins%Xw7r|E9kS zd$ILoQnvjuE}P6XmCsWLa%s}v)k_| zg7Q$JYjC>9wATi^1EYccb=l+`prG6VSYVv+cK8Ahq+V2*+Qd*;rV%J@xHQ9JjY4&{ zKql@N%G}2Nz1p{QNy^PExlSK_{H{O<2%Y>f2w$0d_bed4?`y?pjE=q`f^b!45)oQW zF)|^xBJmWhW-O8JO3sw^?N(Y6M0w9VW@M&yeaZ2y_Y7$W*e$%LRJ20F{_=k90kUii z`h9K*c`3jWX_TSA`VuyYJ23M()u>kI?0oG$dA3zENYP6BeNV<}T?!I)35x6RTIVqi zY72X!6DOoFd%C29le9+mxjmgo)fI85aQpp6=-Aa~hPU9o5&ZdbVd9}H%UxL9Md4*U zd^b<|&RMcQ^h*n`+VH#2FLNH^SK7b8b&P)*q?Ys6NxY6HC4>uccz6J5o@PZg`PN-! ziU7HBq?p&YL9l}}44FCnrdd&8#)mn-Tj4w%#6c7GmPT7yIW0pSF7Cb=oXxJodODIS zYOEN~zH_CDy*Hb8w>`sO{xTiM*z()BiHrRl=&Kq6dX4p)9t_j{PLl{K;ePX-HL{bh zm!i!3eKwCLJuxKy9a~o7jKZZSIqzK)S2>LG_~%xg1Y`9#+K%<>8=N=C>(*&rd_0_O zw6hEc(9`KdJMC&vieERWIIva1&)mK5{~%` z@nTTX@Q6!dgyn2Yn0<2cFk|I?!n~x7!#zTq)i&t{W4tSB&OVZ5(=iwbma-&rFxG~ zi3BE0L`By!uG(hY4_tMWzkYX1PL_=%U;-gee+3lxVo>aZLm#^(8zBy>z9g&iImeL) zB~%n1OGUl>C?vgGcvd&GJte&lKh^F&NJjLuNvk`H$aQs|qH`WT-`YJQ*>ifYADrQ* z-_z#3zUJ`y{-m$?s*GNe@=v|+Eu4lZ z{#pOR=ZQh=bw;gXn;n0U9PCE&%gXA=-e>E+L#oj^p+(zp4cBJ(bSa`|(N>=dKXK$}nDN5b3dUM}qZY$=REz z6F(UcCFA=zZA~$*S*fwC9oR!?Et`0Dl4$)jLVFUAv85=T@nU{4+1zE3H5Wpq%JyFV z@pDY0tLaGkH`AoP)c5-K&49gU{y;!Xc<%Nh80go9n;s}{B-f57!d>0OrJg|J9{JfW z>cxywnNvHH5BdH?{j0=)vM{oyBOS*7i+OlIN8^FiLvStSWGI4`1rzQlrDfT$v z;vbWNm&Es(cFub-D8I%B=om8aL1B})^Zm5r^XJ+Ef>K*rKbdw~Z*+pD_% z^_&C|s|WD&bW9lT^hSywNkOQS5dI~@hhndWILPP#5ITukq84p<9969T1=OLt3zCy1 zrKG6c`^uO~LPH)1W*FgwVt6Vt;WX-~lm_JbsA>0}j3DpvP{2)R12mt~aHQvTYTE>qunNTWjoihMA*io>o)_#oIUnkluSe*S_kt^y-tx5oK|+1 zI|DvSz8t$SRV%!A_FWPqNBS+{uzhM@PC9N?frpxSD2Iab|uQhLl)_0ij%M732HOmOr@oyoc7l=H+<&H8NO!+fFv@%BP6{xX?A&M+OB z;BbHEZ|*b~9;&Hv@_Fp7e4vxo5(GBgYn=~q+3#eX2Xx?Qq9`?JUct2ToCMSe@HrB6 z5+nc?hPr@vN%P<8gCkNxDONUVkf>vj{vnOSt4JaB*g!E zHhIC+qs9q$o*I0DK2n^;IZ zs68!X{iUE%&d*SFNF7$gOo*bS0$St(iAA!%eEQhV{et*_|MFZ7GGhpjoR?rEDZB)BTN&OPYu*Czq;D=!3RDY3(k{WpRqiX; zf^%0{>I{NmV(OG$dbj5und=|{L0$zkh%2a+9`w03nN_-n{hfwB+j*u^OK<{Ux);5T z7}!+jq`pGNP68=Z)^cTUcM*52$6m>P4i)gkHvOKjFtQ5GrSeP@q)yuil%V-?-!H>7 z{wnLMW{Jxx0?NN#)Oz4{QEgr+k>X@jgYyO@mWDFEZuIXp{n!JYjE+u=yAu%-E+dc) zUeB}Z+9{ssvlm~*2$1vZt5p&*WnJN3I}9&&a6YSn!Mbuy?C{%t!}Ei~-T;sY&oW`W zLoVa~4N?&1pb0WDaEH%QanqdtqQ6r_NW^e&_FN96ClwIx>ygn5L?je_*%P?GjzvV~ zE&1e+AM;WG3mG<#K!lTp(HLbwG4xC6vV#8-ob+LXjAJ4MXoR`#%7#CI;>Kqzx1P+cA}(7%B-FQGNIL0!m>wZJ8UV(F zaG1;?LX)@pY&fbh^_$gg9n?c$h{*WdtIW{MlBoPuf~%|TT6fRMVh^rc&#+8>bvkI0 z7(LbS18b@C+Gh{8?SjFc>^J^~KPS|Ew9`Pa$KXuomvP~9fS;`9usTMW`ksXM$%i*{ z5$}y<`%X^k^n3w&418=@xG~8K3AyEvD>?d5`Va~R3M#5=ki#@eS}Uk#cS^D!z#vP;I~TCty1*d-)$RXdDwP0Zn%_!^`#P6Oi?v^Y(^&{qA+g_%!Z` zBd3H?g9#lj$$_X+*9`kC6Y0YC-aV>>%5Nkd&2sXuD{OLV8MDscC#e5T>c3+Mmt7-s+fBnOWS3s7% zjX3g6xdKRf)jJu+}4d%(_=!PZJtkldT&oIU4qxnGKo5a{D=WaW- z7?d=+udlliyG`1biC=jaYLdfjqLj^H$)S_GFq{NH71DA9`gYn+LE(gcm1ftk`6CtI zopl@@5_u`2gSi3ZNI_=b>wUTL#?BVWpcm(0867B!e9}AI36|DMAi}yJw<`n6Wrg0` z`n4lo@;;`PnF4pzDBRNM^{D@dTCDE`weg#sVl(H+<(iDI4!SbS;IQBp?&?uz1NCFV-`0vHq^>a>S@Uf(}jtxsi(2}Pb@bR*WJw0qNi}x*J}5M zT2mj_7oLoD*TbS+88|I0!awIhnQ$w&2$i1P*bAX^q#zSm=9V_<>*PJ@WB9J{Eq@wK(iu@!17+stvhDOV$7zz6N*mqt%^_oB~n@qy&k zW%G?_Y6-0$8Gsw`X8jCcY4!U707V0|ksU%sXxQ1dOsc?Q_oFH>(Wtn6XWUx{fVn+i zC4Mb$MkZR#TG_5yKy3_lQM4AFo(8}l^|z}g_WHDye5?=n4Ef^Jmz949(W~>3g>Z;< zO~9-D#k+b7h>Hb+_NO~y1Wh}>x-3S z*&B}q*KZP?Dh{-0v{x}bnXLT&vSGaE>3Pg2j193_##(v{2;Pw#Tymg(#3BX)WAnTn z;5Q%703Q<{O&;EW4G+J-0QsKQrLb&~xPVK8roMQw5J#>jeiIN{LYg69Jl>ELSXr`! z)}~%$BMVhSTiqQRA7ue?m6+tN)RK}1B}{d8z`>@&{k(*Ies&fx6#DyKZQ%p$yS;i$ z@P5aNO!S&!xo;=VCaR5e%jTjAP_Pm|uafLT#~Vu`$?BO|9-Rn%BxB_i@D5!kKuIH zqAtoEwJ@2OJHX`SC7=bqc*i1t!jQ$KHXK6+ymO8SXX zH7l${;JzsCLCKXqn5oBd{$ftI8#)SjCc47b9NywR3PelN2}|p+7$_m$aks9V1p+xh zIT8p*AK8e6R=z|UgeyhM3Yo>G!wbmk1wt{#4Cj~$VC%OmGWj@)s0+E3)hz+D)jKDH z!uW?ON#}UhM(>t5Ai?m~SK@UR{tKaOmPM?v^<#X&Z7l;8SN1@U<`F)nMjJtA3lw7w zQw+7S`|p4}y-VZK%6=IER5|N?j>C%-QEv=N1X?NYjz@C|Dmxd}F!UWb#?w@d{|YgW zNRAek&S;hL-LniILz?C=N=_J8$+9lSc~?%LEyanc710r@Neltr;G8Xf>bZrTJd8%k z%mqf!dT%`cyn*9SvgnjiVhUYgIeqtZJG${zwdck#?yF|U!r}g0V9q&4GnPiN9S z`)Ro_ohEi@I4HPg)1$miV#bafvAJZ;^PL-7%Hx*V{Fo{68l=Z)*)lV#_w0a$vjc=- z89*79q$V+3O3h?PA!pw98KS2Iki+c#*GZ!G95y;!)Wi@=76SQiT35|(pd+4@ocUS- zBe;gzPT4@1X~ixRM3c(9)4%Rn+YF6O230Ccv z?gq~!7LHKy;_y>X9zA<Skt&r1>^Z$?!AgQzD} z`1A{Zl$S3gN@mPHC!j6w^QB|#Q6%oRj>(}RwQs>7ju0aRov!F7xL%0rHK!7Bq3m-X zUwZottc<>(c>n8MfqDK+pSw#D1s?gIIzk9`^s_laPduMT68h45(SeW+J=3=4a}b98K2@)NLmgv`yIMF@|QCsRQQ%jts} zr+(hXbs`WMI{D+4fP}R4FK<-C0t>UA&lOOZX*ykzFl6nhPLKsvmX#zN_?lW*?4XoI z$DySE&_#kPuf5lf^IXREagw@?MTCLQY6QAJ0u3H23F`I+bC=|yH0#w3 zU)H19_w27TA?M4nAML6RI$Z1LRfi|6Rg`{ z!`NzMoR-?0j4xW7)=BG8*?1*2w$ASkiVhseJn+j{67oK0?G$Xn(6jhV|5aK6K3NfJ zJDkZXc_t__({L{=Y3D!-=(2~R0vdM$0!~BNNFcI!$+G}ryNx0BMo<>sR3V7(WZx?k z;%$il7v#yZUBMMRk>jSnqQm1jtTrg?a1K9kHdW~rO~}$N1pqys<@faRx*pFEqwKs& z+6~OW(raQ4e7kold@5Z%(WNL+Vj7$E+}4-t;S*POl#RdzlAVtX99l~0u2LF}eB8>J z8$BJP7(6Vg^-jg?-BNtUj|;xBqwZNtT&>(k8qZtTE0#oW=$|rhZRBVysdW;hgi827 zj%TS|5aDOk@t(QGX=w3r``Xz4?7T=^iNi-TVj?Dq97@%I;YnST&BkoiUA;CPZVKBN z(w+Koaca!F1+SnLr4wlRy`L zs?frBmZQbTSMwY+OWS*$rmX8Nx4_<8m^;fm^)igl04itT?TO=zZPB{Vf?u777sE$U z>~D(w1Fko%5o=UIkc7he@G(^7xIP1BCKjFRy!l%-dWPV?tP)Bxh>fxOmFc zBQgRftLk4n?G5>Qsn!?wuD*#G$2c9}fFA%SXO8(WzSBZ zA(B4qYKsJMVDFuHqbavhb{3lxV?TCRG*m1XC`$+?J4#uAL}+NaW{f>Iu{oI}P4J(s zWl$(0$9yS8$Y1tcv#U?{HXa@=<`(&6YIOD7MoksKsv#WxVn-utttXq`Pk$y$-nI9h zL1)i-A8Hfr#AaWN6jb9yJZw9SS#qi^d+NC$Ihj`}aV00_nO>*klb;4YBk=17xg=7} zfE9vQe#*?5K+m5@fwJz-!a_o?fb&TN2pm#Kl+oCu^sktM11^Pp$XGTqT3r{oFMz-q zEQwui7yfF8y4LK67(R75XAua$spSi}l*Oj5?6&q#s^9S`wb3&$##AHZ?V>Q>9HZJO33%<}orZJ9?cbob zy-YiZlxaWl@76Ey!#O-wWIuDaie5#QWaeHfc^l{>()c~;O8X^1*xZ;0-DV?Dsr zvIQ#b@QyeaFenTMl#wB;rx}naf7mjN14@rME?t9NzA)#84aMwSF|1m3r2ewT1(g_q zKV3h4E0}uHc_fmvWcS-{-Hwxk`hoxn(c`00&6&{YT3_R_SrK|t83Fw1ngglsBlDaUV})_hl3z&_yqATSTD<$9Z0BQ)$@H|(Ac3+i&0bLJI)8g9A#W&YzK+iJ&2(+sl z^y8%y*Ox5kR@E__b`1{h ze=RGrl2{3d|IAA(r|&DTX!4*V^o?9&N;hJl5+9F<-FtGN0AckcDZD+kcuuuzkpqpAjJ0CMr-^S358f< zYU?-6LriD1xA6$3J)ai>g~U6}frGCFapf{1{lpe_Ly5mgnIirWd*Q`p4+41pvIOjBork{jIIuJ@ovpzoG8MeZl+#0(|tJ^|;-NLnnM z6vbF%X=K9c@YZI;J&WZ+pIf4M5*~@IG@Rk5yKvdcE3Vkpgp68;zOfmCVeRC6|Dz++ zsxSzCllaKj|2{B~_*ts5o^ccTNh=I`-JE~f(0@@ZCQWk6o>qDr<^3-ADAjd)9?i20 zua1{Y4zCl?nsc$_%`!P-(ypy5^GK9ai-lSGn0`e!&r_-mPrUH$dNuh{xhEIo#G8lR zCzt%&A^dBbxB;uF3|SW7EA+4yqM{!tbh&ypoYt?(XPU|hJj_5ytDqxdhH(A%Rh5+I z0kXOTvcKBt7)WQfN5@ubYdO4;Q^I^H($h%|YhR?fr%J;iLCeH3HcK3;&iJY>nSz@D zbD@*HDCqT^r4e+ARFayIL=UXO7fX31{61BT7xTS#yW@Q}Ke=+(e_~|79nQr z|LYW_hw2<_^Lw3dD}nDm6+# zi!4Si(_zU=jvw|;Nfh8Wt+PK5)UjZr zQ%pUd^}QUxu&8tBEt}V7n1Q0z$GhF`M_YDSQ=X1QWSdjBJugIdUzpsHe6bY5ANWF> zEbdGb^YZl>vyj7KWwxE%va?R@rfWy@OP^t?jbDzO>3*uXJqm0QLNG9%+J*kyHTwt0 zGE0GomEw>3307~CxZ7p9N>IH9l2?~Ww4TX4bNwqA|LLkT4c;B90qv^L>R=f@pO(C) zXe|1HcV;**S3gI$_6qt-)!`i)c>etdlH+tkiOS;>fIvlp)*n_Sy!KT!?>MTpPJ+J1 zyqkhCBxT#ZYmD+js=J71p1)(v041PXe<-dQ{9xz#(y~W6F6HRst;P-Zvuv9F1Na*hXALdB)PwC zy@$Et9iXk!0lL_K4MxVxA}4Bh9tzYjGip}rKBKaCPOPJK~p+VaJl+nAcdE((KU8$-UU;jg|N ztCX6D5-R#^E3LwLtm6sQ49+p8`R>%MSxhUN2Y$VD6kbamYjUCqZ;;Tle=vZY%?jck z+_wu$#Tf}5G&EW*J98|HSV&Sn7Ty*Q!e7Fb7(4glb0yQFD))N z9dCvAT0>eUDKR%9uE2T5j$_Uk8?f7_Bk!Qt8@&e_O_i-}>@30y?;EW;)(TGg%i^)^ zR)wxYHXOj)4ZChz-{(9a*a|(09G=G@_LJPd=3EvV#oeTlao(A>Pt5w!NZqIo7tSvp zPSLV&AL8kl?uraHG_PuzYG{(2dgRJpSgyKrHx`5K0aZZng#H`)13JT+8bc(%wwUHA z0)^yijvya5@tte*>`I{XvDA+N+Eo^xl1fE!rut3jvCWwE*yR;O=BoYOuODujk`#(a zkr{X~=L^LXo|nN@3PwtejO0C7JX&7E`qBTf zXhT0FaA2v+Xbrd++op?9ai}XK`_TskseWT`aFWv`2->w{6a4B-aLFUrIvlkRwr{^% zHRwJ2b*p=)p~U;v;oy@~}~I zii6^1C(ZA(0o|hGsdnD!y~Y+Tv!xgXwM!y53X7GV?VI zlM8YjJ*SrJ{;$6fY8pI`Mj6_CZ@RuTc*p|F)!(kVt z+bN1!b zT(?2&e0AVnT5jdyGcKXJNp`_5^oqezlM8{pU?_T2bv5I4i!yDi4KF9 zgoH=!kv_c_>fqy!!CB7-%Zhq>(+M@&j~z%w>c3w&T@vkt_`!DGQP7u}{NWW`Ra*U* z4h;&A$*)B#-vUUrurk9ZP=x4KU4Ood1nwJL+#2rX>eaPA(U%XXCtt3V66*H*j3hI1 z#N;C6n^=3}c$x#Knl|Y#koOjyvrMhcKdA`tV~-f-B}Vk5lIA;g_XIaAk$GhkIvHw@ zTU7PZ7Y(gYUlH@&3$CjPi!1C_BQ zM|oFv3$-y;O&z85>F1i=>(fWY-X2bExmR{-;eG3@Gxays_)_(Pvt>>Vd;mi^LvWx~ zm{!H;iLdlRAmVf<>BZ7i!?2EU68EO8IAl+g%iJg3&I*F2Wi~pYz5Bq4Xno~x^2uc ztC0dKQRM6eXs8{NBHUjLRvj~c*xuN`_JqPJKwi@?$h1cT+yAO1$Hix%twWTfB-tI9~%fq309JjIMQ+nQq zpPn9VN(&t@py-QPPFlL@S;_ItEFjbJ(~R&K!9R_f`a6)z8jWew9Ss}B3a+cRC&mOx zc6f)+WSL(^tTUy)RXqFt%O7xYHk-G%L+M4E1es_pOPNBcx5|7tAakA3_xI0~w7pNlvQOqp?i$l6Q&QYkiXe^SkDP4R>eY(C zZZz;I#qO;O#vyVx8uLB0%Z*e;*SBJb`3huYnXE`lI0>THEU!x^@Bm z>)gSnbbq<}TYKscrA&dkwGFY(;#$?1;_hL7a;)P(h%Zeky@)MEqhYs6ggt}uSnb5) zha^4FYfIQ{O6SMD-LC;(xs9vX;P1otJ<-9GXq(>@JN5I{WirT0P8A@sub;dPsAuYK zgDQ+xQ>xFuo~IneMl^=I)~nHqR~6h&Es4!Ne#!l4Rfx#vK%8hN&Z|oz9&kp_1J3B+ z)jMo|qN4tGgq8mzIU!qorUtNmI19HQ35;Y=-mk~lQBS1A(kheyLx7pcR>?4)y_Vs6 zLFH{%jZ$gS-=wrOmNqXtzJwL?a+T+;B zd(~3j>Hp{;3bUjUfG**1ml;VT5RvTDT+8r9dt&0}Mugnub?>jv@+cz&M{)ZlbVSs1 zDBY^pPnHMC=@)y$WUN;VIrJJcHt%MRqqT*Z;mg0hNXpp?QN}1?ktI9gxAfJU$uCOX z^XoR)wGV??5`pR@LJ`5s?YG@7%OUD9P%7Q2ayBcXonQPOd8r(M3;r9h&t$ps5U4}{ zv?!J(nUlrO8W33!lMo`O2t8j1m|kl)SKmfd8YZGQI#p4O=neI=y;&FWbkwEt;z3B) zZ^tOiZ_TrU>Jln|j2&Eb7Va@qHp>~baiCrq%iMk&p`qh$x9&ZV(0D3iuzv6Aw>lCI ztsm^kssIVfJDC;NK778LDZV+<{$<+a`5}u;=1efc25FC!;HNOexvcXzT`A9dbCxb; zc?ln#NvI_L^$(8m&l4-i12uv*76jpS1p3*LK^eI$`t#M{?E1VsphUZZxyzKs82}PV z_%U{G>-xl8f7Hv#LwiXibKL^_)Tb@6vAtL)$qPm!X_VYaarYJUQ@tyt9ubHhMab1d znXEol3Mswn;IaYFoT=;M&1*4`7;> z4|C@d)EhmEzl;l}_;zWWQ`x39ht|+G_(U5j>;r+%0%#X_aFU}hOVm~9#iL9CEG2n5{3mI8F6`#2*Q>zAq4ZuD;A;`{L;%WYbJ zg|Dg>QoqR|ZKWHyuoZp`J|ES0)BipI{D2E`KM%p&r)z!t1~_7&L<*Wp96Yy`E%H2K zk{;{i2*cIOud~a!gDbD~Ow6>oDCcOqKWw_a1j_cc&hK(mOYEcl-& zNc=5)PtsuE8?xIr6u7Zhlrz8fR9xZH8fGU6sWk3&LxJ#3@HRD>Yz8=UK4>o0(*I9L z!cH|qiqxnS>()CuuB?v zIO=cfdG(Woz;5W>A4s+1`7pya)ywcv$LG7wfr3d@SDj{t7P=Jl8e72CNKE=Z%|8V* zKD5fdqWHJ8^q)Jm`TJ4wf<5co@OpT$;LLLp|5s=*x!(OjDdaoGI$=PFpE`4kLr$o|)Dh;u9h7c%KQgs$Z8ze7f0_)H;8D~$E{DB!;h zR(6pKauMpYX4t-*6W`bl?AHR9Jxy`@bpv_bS%+6G40!X0WX1nZJiM{r_HYbjhgC1LSm3 zthvrk`oB*2rq4ov2m4R!V>Rdnxa+^S1mBrHoTSP8m#C$O8*eobBcK6(|CU2e^?b92|fV*8@8Gr6CE)8|)~m zqmzEx^BN${#5+e!5BWl@o^gSfPdl$@BB&r@qbn!NMB-BTfWLmkX52-s{|?Gk1{3IE z(Vaq-R8Z_*u=Hix1?|+$w=PIfz8u1tQYd92Dd;Wv(~GyqrO4v;>iB-=vX|E{$&z7c z{R@ay-PW&O1nHp5T3tWTd@uY`e7i2>ywCG&7r&K7O+PS-{O`$pPmn+efoy!Gsi5-D z*#1Xpmz5_^1$Wc#^M6!g@v7Uyb&5_60Al?8%jp_&w1i4yl&&c1HlU5&21R`H^hJvc zifivV`LQ4CBRA1&Px=xn%-HdDRNSy#eO?MKw{);wDm?gN!x|RE5$+il|7YYem+*^6 z`GEq?ZaSL@l$K4b4zFddDZeOknMB0U-do6z6gdp?Tro5&NC2`K7~!ms0Se9!)+roZ=Twu_upkwgXP?(HKJ_fZP$ns>8FGfm!oxON7Ol&b;@J9IFqw& zYZgp6jQr zNmp)b@C=M9SAqV5)GgoemlL5Bajlm$X(*2HOjZHM{LMx(#tOAn$qg&?R|I)lgS#qX_%OmeCNay)Hxh1 z5gJ@v9C575bl!#y)Xf$PS*?)xG{i-$uMCJ4`?r%WR>UHXr;lPJAEgbad&{hCD|Vy3 zj`x!0emqJrLSf{{en-+*39pIj2*rc^AU*%@UNy=hBmgOL9s>prBnESCmzzEo6sWr^ z=`t~@^}5VM=fnu*@)2LX7j@z>bsRl*xbC$+6NJ_IYF(nYVFk96N8qpHJ+IG8m}BmD z=(0IVC$I&@#~r_s!vdM|&OpZghCVNKcKV$_3?IQ%p5p3~E^dcdH|> zb=^~XdwSPo=mpD;8gqM4%%^_W0MxLs;2p?qhf76~yxxvjNCee@R2X^IoJ_XUx?WLI z7%YOKhHg#?G*vczVqOO`_8)Uny@w=A-so-@t##k0@+!Jc9P8pG3(aB_+pvJ2NYl{E zHGpL5gZs=?cRQxqDC>WOq>Iayw1W~$;rsR8KkVK6Uw}LzHT`uZJ!=m@46f^?&0k!o zKc3M4RshD8JG^17_Ep_B_XTOUjl_Yf!SYJ6rzGvm#yu+DS7(IMNCqoM^aD%Eea@)r zW`T?PZRoQv#e1KJXDx_XV33TrzBZ2L3}K?u z#7;DxZR#WSuoLyiO>NItyD7=30((ay4JHxC!s}Ekl~x`Z63o`u&~$+e(frUbw8wgJ z&_KOC@8{2yf>eVlRstx)r<=l?C zAaL-5Z7`aTVW?cTKppNyP^(4&l?;;aejaf{s;Z?mxtVxwZqC;A%ekNk8!{SJtiQR! zc7zPoLCIM#WxXk=R~NWHQ8}Xnztne+MhQExwRYq`r|!oRp#o>GaLPax5-Pj!Rizo? zR>btXCR3-qG>0=5Q+>+zw!cUl<;_eDosu?W^Y9;6cxpMz)p{l9Dmn8^Ivn08Aj$%XQ z;aW4fp^CeA^Be|fMZ=&WG*>lVJLZfOU*wh_sx=y~G%}aQEtL$!X*$U2JXy7?>f*V$ z391!z`Vo0^a?n_pa5z|ymwYiM;n2~b_?^h`|1otP@KFE%-zKs`lvPw@i>$LUD`jM7 zlTh|vN0H4Tv%*DK|c!_jtXYujljie!V2( z^3@f6`*>|%G%(-Y_5zv#agp3@3osS3S6aaH$!v)Q>3ITeTRn_trplsMxnyeYqqq%n zghHi`ZxIIq?NG}Z)7nKzZoe`N@wQ*P!AuhIDbId9x9o7EX#(n`sPH@hHAkv2Zr5I$ zJx)Ap<0T2=+G^T7Z1)VR|M|YyA&hYlM4mT^dD|~{UNMCgjEN6CTRZXlEb8_y$X6;N z!wdMs>3bG2R(gEVD9+Z0cV2Ntv}{pD}Tz zO(!2QZaeienSN7;wx3RSC(nGhkF;6_o7nYkXvNk9h<}7GuUDfnUYJ=B%%Lo{SYX`h zi^DM57Tk(idUPO_Pe^AwJ%cda8bYPS1$dVKHqZ*BDxu@O>#n1!p<==mppD@gF&B?FUah6B+Q|w$B8gDwlekeYz{JD-wizUz>`z$TzmF2EY@nG00`c3yy;cA(@bBu1 z9cv?a2l&%s=O{2Pr&B{!plE9*=urs0Ui%MmRniYZA=56zqxEJ|n+*(J^F!f0_el3t zLg3`&20VD`+1A^yLv}LXqitx#6if>w=4HKb>N30gZ#u)7ms}8rskNDA&Q#j+5)dg8 zL%YsA0xFk-{n_$D0l^23OuSDqaxsCR*lBhCE=G^9mzG1V+cJ0`T-QIOlKEs6?1N;< zw)P;G9Y64YCf`TdIB`e;rECIDodkRV_rC@mtb&z+XJ&-jC7E-0@?t zOly;Uz;)p3g|BYP+YA^plgnd z@e%WlGWgczUZ=fey4IfYWe z2m)CTV;1e2K!I69e}`=wQMV1?q^7mb7U2WX;x+02hT&U3TfC?@8{UDh{4UM=d?BHY z`~yLld#+w$K~S4sWD@=hHLGwA@R~qP#RKE4UqEd{v3D`KN%91749IdW^hd59spw!Hl+=yPiyvvn{4^jyb=EaG1bOtZ7z8t$@OF*^TniLtp=$dD7N# z5ljG2Z6dlH1Lf==SmfiJ2%7-AOYmIwtp0xy;v0WX`*)QyIYVKrw788tXmPr}FxQ(i z5n(NAwkH}0Vu-pZ@g?-mv_>sn-7<-NB(S_ypq7_hr>V;-u$kUTO|#5T&8E{3s|HM6xt7C@GD<>Vu_*0D|?32+6Yz^(jUx)C^!NKA>^-bR%Vt^ z^6-qkj;v?fnZ?Sl*2D1Z@+X>s6o9KxQ~(pltTEf@k7yTTzG`0eI4LBNqBwbsQb_;k z;d;y4yvBVX5W9Agu?yg?ujytRevid9-GDyq+OsPCCN&j#NGRnTQR#5wXY5BYiCgL0 zNE>Skcw*c$fhuEDwh9!Y;?g0%7m8ev_o ze>xfQ3t+wVFDiWfw_4wn4B<06xcpX4J@eySfXL=YPOK~vT*@)X3PK+AO=l|)#;*@w zH74l#A`Y|D-tm9k8thw>Qo9ghs)4MtNnw1UL%Vn3E+gyNeQlw2s3y#{8`Lu;rqea^ zda1{PfQ+;{s=sCOa0by%$#OSwsIUJ{Wg;um55|4w2cPckOCL-ZVCWrmwZQj0Ut=i< z(UIEC7y=_dQw}^_mX??-WBu4nFZylvMAT{WaO>=@QZ9}9$o@FxgQ{;&A2>P}Bpudb zR*rVpsh-*qK0)@&1~#3^n!kEg=xLgsO~vXvi1#q>McgB#y2nL7hyQoQ0HJF2)bT}k zW6!zJxKnG#`*?dl`0t?`7=WDjeZi4FgvV!1mv3z<*=;uB=I#K6Fgl*d&ICLgY$njn=!1sz}({VSdFHXB~doUN@v~IsivtD5v>dx026IZf=i(~~{biGYr;{(;a8tXeiBzPa z`bs~%g)RPUAPee~GPxwrkp4yHy40I(S44UJmHbbJAJsWy9=ts$CH6I$tlE-!d9l^z zQS;}u7Xk9?tXnsVM&KPJw*YYQ0YZAqS9!73eC>mfqxf|>|7YwNUk!86r0q4BYzHyz zEY#s{SCGACYQ8qmRl54B9yNp+6uW+$xOzMksVC)io4;tM0cgW&+VVK-u0u_b2XY6n zSe>8(&SxX9gQtn}8G-ZeBD^akQQ7N<^83ELGv@TZ2+t>8pggM!0wv%5=KqVayFTj4 z{o=|5PBcJ+NCjaB*HEWGo9g>4_yJh-^yN3F+VM5a0@BV4kDRs<7yWaYgGh_7MizlS z*556VFdDhGG^ECETfj*?;6M)FnO+NfC2BhK?$rT{{)9r$UCjizxyh7Ev(x<9)G=?V zebfBr3#;JUo5r4_y6j>u2iGml2;U7@2;cR$Tw?kvi5c&fI1UrXs&a%nSqf{ zb2`w9*<&LMPU6Zqk3lRs&_zxE`;Gk};#e}S|5j~RSZ6)nMOw~|_S<}ZXPx+b{>yq= z7FtpuJR!;lgdQxeig*uru6PBL0@1m}RQc=izUObhkq@An&nx&na`Eb)?q@07PY!Yw zdqJZzK6xXkGf^u0MN%h>`H5}Q87bv>(Xd*a0u$1YBm|PZEg*n5 z$guzB@fg&L-aLQs#SfXqOYrS?v*`W)<^^KXgEa6(lgAi*udnN_{QDhr8lwvM*PR>< z?yAv~45E>9IGZ`}pyw;Uo!SvUJnF-(H%OYu4l*Q_h{eSysB(j=yy})=iteKct5uPhA&bH8bTE(OMv(FO{7Bb+Z=V) z2sU|}{5Q=EJW^Cw38ph+Dd{&}8|QH{#1*LxKDGst<>W2`)_~R9DfWk^UT?nE1LoVO z-*CG4mfhENpAu&iJP0ct}oHv5;Nv3|w0Q}ZYV%>+_K%%27>D@H^W$E$Gk5p;T2@$-9;kF6PHoz*ArT<_7Q5u1vB*Wc=P=TLv*Hw($bo(y zDCPe8lLYeHXh=M>)rd8jnb5Mihn3iBg7X(S_yN1uYR$~VX*{o-d7I?(uWVLSJ+*J| zk}ddzb;Cv1yD%NWSQHG@?$^E7CH?=!{K!ZSd^`bDx&bPqTdy|!^`gGue~oUFle+EU zs#)%yCq;XAd%@EVKV=2 z_8=IjXN+r7|ZhUhWN9uHvF3Xp#p|U3|_jiuM)>CGmIM?FDUqs+zB4R z?Xxonf{UfaW)sIHwGRADpYy1io)KWm;h0iDB8GWJqW`)4st7|yD-GH&Vp z!Pri(8$)iYH3{cX7?v_=yAefnKC%38Tf^Zwgp2ZV^Z$1ozs;i`wF4dZjG_V-=n ze1xyskxjO+U(80A3Ap<1bqarcvxF~vgZeAuS8GqgWV7Bk{FL9bZ#;O(uVU%>9{+B2 z0`YgfD^^v{tIrO0kkgpCsWaU}H&lUkUZMJ|QO#yrJ(N1J&{22Rt?2QZWZp^IJmwhA z^kL*aSBEd7MH=7O`MQ7Nc-{Wm{3dbW-s@}QA$(_^!inxD2dcv|n3-84J%4m*^V#y; zw{K+EWcRw9Z-@s;!!vb{@55a)0?*)Y#}8thPIm`fmv(_h;hQb5Bl~Zg0$CF)Dd(={ z(^o87*JbteW~e&cT;;htZ31F%)^lG?VQkITVx_VIF+jn);0_zlwRHCD$0w0J4bF>e zc2>);t^)^(%bi|SA{zqJt4)t{;$xkP!4f8QTZ69=6#7Hm-TBK=5U#$27Omi?j1rq> z|8$@?%0L<>T5Z8LFqz-EWATnN(T^L>9URf*EUbD2s-)}^j#SZ-Esd-A&4S>KeQdzfx&#B=32yot!reL* z1KXjksB^OfDV9!Gw!qV^D%lEG??(%^=bNMuDLZTH&wET(&eARckUM{EXlf1_75C+f ze{80zVrqx;Mn3bM>A7Pg#_3H0B4;xch+_KEj*H{*v-Vy`mOR@1=$co} zH`o6`1iBvL^X2$_>YPvgi&G%BK@lY~H%&{k=ti?^-lAvRU1}${Sl-x+YpV99)P+u(rXc*46n{$O z+H&L^1BWvHe5H8_J;}vSPxsm=1d%f()3dgE9C#v80_wDhA9VFI)`>(ZD*T^Lel<0c z2p>oAMaw#_r!M&y-}>`*ywndH>L;o|dqY54(#mch*zXT4^#TRS5pWL}LvHt_v}h?l zm7}?J_~+$sJh}UnUg=FZDP-ExiI9;^}8fW zRICh6v3CmoiIA0_J^(Vf1o&hbCLpp{(jc2?K9-#`m=hatzqq&seEoW@SKaT z%(i_oTf&s4j=c5aNnhnl-&mSz{aaYp{KL=vEZ}Z5Jx>l0zKjyw0L$I}Hd8CSY|tte zER0{KwvgXS6!Z6ft#AEK!{Hl(VdiEVOifI7W+8nlgS+7`YnLI@UT5sb=L+!=(W}6l zvRu7#_8k7bFZvOQsgVm!&%dfYt7kF!$T!?WOmu>7upA!#I zWeT`9o%vjvh#=21=Q4#Zj-mnA8_%u;0iHj!3<;%%ZEi%5B^k?o12+0Yk}&+g>!wnX z>N>nm6G+Jdt`>`IjI`=RmPD1Rzxr5)o_^Vv+F0 z9kQbU5pl;Uu*UU+g&~3J%7BXZ*)bzA#I{o3^tiRE{CKGaOrR=s@x;1Lfs(vy{qy|J zL?c(GGa7MqTP4(#9>a~^E;2CmRO~RT*UVUhyolr%2@L{Owf0uAKVO`ADeZt1tv+Gv z1H6hEruo$U_D4NkCYuZno!y@a=ZF^YTAxg!I`qu@V^U#IpC9tWSp|^MmrX`{Ve&RU z*Z_sZ8@QW-Wp_LDeOq&EGJFJN4o8MTvFRW$z0`Q(kJ4GR`#1j?E;adl zmO;P-IDIj>fi66~elb%o@5-jEzobu3TXKT;Q_J}SJ736emv#R;7qk#}dNGQnoCAQ> ztVPT0a2D_{`K_chp9-o3K%15!+ORS$qWDOQ92ygqoKLpMAo`x8nYDnx1xbM0G?((z zQ&p#GTQ7_6+t|PDJfaB?wxP=XJNZ2-`FQ!34P`T?z8ivm@aQ_*atPT1%T=3x*@*_c zvYDn|A#PUeu{27;EHn?o+}314d&k4u`fp(oj_EEDna`rXUpSy7R-R9H6cm@+u)C%T zb^C+)Sn~iCFNrH+9|eJp;OhK0CDPy}u(?>&2UobIjz?(W@fS9Q2(RbGlw%+*_eZqX zn_#-uob~Gm6IN#S?(5u5YO3;u+Xox5pFyZoa}+pDa^DDsT>^J_emR=O_I}VH7yTyR zp2d+Kb5#-8i!8=}ZD4ZJ65gBkt&7R=T;P8B0veKA6dN~+Iv}U5-u7yqQDm9h;{;S$a{ej!%^IOD;mi}-X;Z2`1?ql!l zg+c#IEcbQF+v6Sol3gwLw3zUsvsEmQ4=MZtCCarG1Lgvh@Lk>|tMGG0Dq4kN0FP4k ztwl8Qp{mcxMyt?>c+)Nd1pfkT`SgPeUnhOF2ZG3XvtN*x!N&bO27zoouTIY%&Gt62 z>4#9+$n5vJ!7%!|L=6qw8c!~J!%?bh1!Tc7&&P86$zSq!s(nq-g%8~=KnMu+`N1bM`wfPxW^hXbMwqt5S;4P&By@NA3|og73316Zo$9p@gdDl zhSvO8DXAXQo2a&8_@XJ)6QPW)`P^~f?Q%iAt8QzV+I5`ThPxHltN2nw48||;n22F> z1=&^q;~q2SI$XH5GLthH46A_^=J3c%yqXj?&AA~Xr7BuQLDIuJHtaf)&)4}dy5SKv zC}4f5_&GL+Y+uRS?tMLWkx6xT=22;BpXbeFZ5wDB0!1O{Uy3;a27!0%bA=82w#Nxi zDQMUoWlyjryd&(tEyS+jZhYZ7|2!?80U0rY{0A!4p1Us}36emv%OoO!PNLE(E@un( zWCwX~l+Z~O(uwhGhB-DRXLv91l3vY?2tpZ#W6Zd2=p-sC@18|Mk87=0){^8b6334}<+PFKw8i5bc{DKfHZ6@EXJT#lmOD<2x$Je$ z(wV#laYc`3%LW(rn#L$rbVDGU?_vr~%|@GE2`-DvBFNOBAk1XP;?;ROt0xSK<>gHs zzDbw|y9PdBFyL&)*|85$SoxAfmp6-PZ`L$AW~}dS(aE9CJNAf`}IcjK0|RQ&Y=h zn?C=&sl%{Wg1li1%OcVJ;E(;G)dfiB%5UGYhX>OxJZZ4qp8;*T_dNukoaoKHL)xB= zIX@KABoh9CmizjBW`FwID#Dgp^qeYhS8r*(Fr;Eu#$UPsyZR&7vW0d(*kmwsw?UTR z-0~31HNJU>buytMuwx2|S1Do~};q*5q z@pAsCotwRiF4L@Av*})|4%m=%Y|rxD4&Up_SRa!ZoLBVcz1k?SosSvKmJbk-Bwxc8 zOrQ=i+Vj_#*oD~ zUffXNUlH(!quk5q5`zP1B?`$q&JXe!LzCI(`wP(~hH`kA**T_|!|F!$PE-uV^<+?n z@_<+=c9*sBXs!?1>}NKQIk5oJY_^{>VGt9M4()YrHV8=0 zy}>TuiN_kU-Yia~r$&IM2IPr+vX5L!T?g{=PjH8XrYlJ0-4Bd}sw-PEp4qsProOOW2l`DN>qs%m+E#6T;#APTfz9i zMElekJxgMW-38?+_~`aTxk&NI)1*JQ1Zke8KVm(0Y%KSkw>iD{Sa;oe=tPUEL;o6s zSfq!rlvSuJcQt#*@pD0g1he+3sj0plCZiSbnDp4nj87S#lj=!-ozTdAeyJ$kkavYr zkM z>%}b4<~X&x8C2LM8HI>?o3pfI7|F4Yi{#kOeuNSvmkLuJIUz+1yNvqG;o23 z@MdDtjZytD#98ejh)pnzeaVwvZ%tukFEs+o#V=AVzOth^x=%t#DG0F0b$+&fS3gd8 z1hwZlhP5y;d!VZlq>^-Y6cIb;OQ_C(!rGaoEq=k$J}jVq#ZtK|^LSZAHXEM$bqWsi zpi0|n2Rys5Nn{JkUZn;#9JdlM`sEr0tbzAGX;4SU7(h8^5(r(( zx1Ic#WBqD4o%N~CqA70nJ$C2h*^E7$XZ04mSsw=g>l)9167oxMY|;3l2&Ko{h|%CBK#hi}((hl5x|?%!PXNxb=32fYYVx*_T)u}m(t2fb zX#dHt3V|mxP8K#uSuJ|vq2&%gpi!Wgs%!uX#(r%RZ~tHz@L*=D<*)eUN|t?`2LPCt z?xikp5c}(aBn!Qjl-DkgV1>GO=Bp3w{nsvwb{zSi?gm!T8FX9O=!graroc#ETBbwF zN1BZvuJt#MGBd6S>*~$rbb(Y5ObP+NY> zHSD&c0oSh19u>CjdW@xz4bm%?!ppU|>=OgmsLvMmVI?XnEe^+^!|VXr5w zOB(_eZ2Sf5Zc#DLUJ!{orxxZ7G~V*;_?m=V12CUg-e_;9L}I^4 zb)#+*sONM#xf?~O2?gAZJY1i&fo>63^kfIG-P&b+HRG#eT55H!N5#ybT$2gJhEpwI zIBFzH2l?b`sojiUEan=k*uFu`){*oc>T7W^B~Ja_jiQd)AG7HOB<-`&uGMWW9siH( z2@RzHs^I!9yw#v4GS04*jJ%U0UpC{w6)6&8bW%ugt>VbO>ELsJ9?)oM!}OPJnzUQM z=@0I&tmE+ntJV%XKf4fx1a#ta5+}!o={L;mOWFLkqc(OC&9c?YY62f2YVM`syVc_m z5ob+T39n~1r7!~%6MyfTM*eV|LG-*};IWww(kQA~pQU*h)Re&2JW--gyrNRfi!&ei ziBei75T`}+mgXfWJfU5R7&knH1v9n#X$7#-PJOy1MSAs|_1DSP;AsB&2i=_%&Lakt z%$bRWv49BT>L-N-Tf23~e{4wbhllu7rLJ#Z7^{lM0i0j;FvG2BC)Kyy@{Ma58#ca9 z&%FQ>{6w-uv%bW;G*;SGAYBG)?z{S7ZD^~sS-9H#{@JRwhRkdOzq=CM3eB_8RG)L4 z8eL%XOqO+`!5N*#sfANxM>TI`4k9Gha{B`Bs>RBn{S;J1yYm;GZnI|(ocDp`MvQE7 z+zi}rez-GI*3?v^{wSwoD}21dOgJEiqFZzs10YIYhu%QtT8r;+%uqdRldHGGd7zv3 zJpHo6`y+Le?PwjZbB{R7uZeQaWK}5*Y)MIo`3pQ}YH38DK$FY z(#Acs^pX67{F96V{!t)N3FmmxSCxZ>U;DXJbY+v37ZN_8f2Q8B-3rw}w~6*-`c~s6 z8In8KaKGB2v&WK=WoCXm2-sF3$KcU9mvhHg9n#G^rSrP@Z>y@R+ICuz)Hukcgk;HM zN#*kN?&-oKquq~|*MuFrTcf>C0di!Ng7pEN(!>`QvB*P7DQdl);AY&;ZV#^)>oh8W zr*FgTUK%lK@7mDQ!bvY(f0KgOc}RkQ z{<(iIzE9jYAPPTRyYg)XL(*1)R=Fjj@tz47mt2We6?UgLRK00OFDiCl$qfM3Pk%#S zIRrMU-+9D_AtV`YuHOY!23##SuOn3MT(2}oS@-R0f3d-&&5K~T_IwGhcIo9x6IND? z=1!_;K-BEzZ%h<$4+--2p6L$;u{n5k-6H+c;??1j=d(c^i*jllkeX5JQ5_x3%T90br-VF)V~W_4yurB zp5!HKG>TJ z;NW*g03rA~DK=eFyOcu15cx#&GSdMCW%Ir4)cs=9BlEI~Hqv2Wqc67XkByCm28a_# z?d$1w;f|KgP(O}L0|Iw5x-D|N)dfxvxrC)L*XlzcZg3a>P4?p9C8w9swk#%r;&pyJWFzkM)1|rx z-@Cx0%O=tat7uaQHI2zcu&Be+i}hFz57nVdUdQ zHz*c2)i2|P%t|jIEtl0To~MllflqQ^R1bI43~Y)z9ls8*IH(4GfL)&DjC@P3r=&? z9jOJ&fGJ@iUx714fVJIEBVDdpZC~hU`Gkhi-z~*+3x!#lnWsaJKy^`C(Fg<6(I&zA ztQWfYU%ZQ*nvNIxj()J>6?HmEj*wMoGSEjJ`sl>n2ZAd~WD&B_ZI@NbN;vcFz&2J{%)!y6(O7o7!R{3i@AMp?wR_*;|(w9}S}LJ#~B+m~Acg_Pd4M|djvz-%?Asm)|4~F1mG=NdPq~9+vptO(5S^$A-nS{Rz%TxboqXw;#1uvuc%q8!cM1c#VyD@jwstAu@Lpa1tgHuM3>Sm7e=-w_JHVh z59)UHrDZ80nUi&Pv}{Z(s|TU?zly9n!D ziJ>P{_@8#dz9xyEpZBVI-BT;-f<$&`-g0K;91kt#XIb9(-$A~e<6(gXtG$mujflGATF6S00VMCJ-V^YZVoq9uo{tSq#0ODf$*VwD2=6Ou1rNg^zz1CVab^L~5^BBvfiQRZ|d(96ZgzryPGv;siNR|e|bz+F^8(Kf3#Lg&heIU-M5>g zL-IaC^dMGUlN7<48CSQzR?Og?*PM?aT=HCc+SX-k@XW(zZTCq$o~CHY9ZSE4Pmt4X zxcd_7{IF{tHFNrUqYHM<$Et^dc?rYL&rZ4!PIW6^D(ig}r5gmKTs*9(3*kFe}_l=-MxYI0@n^SK;~mP2A2G0wrtAAF^nkw0C6wF$YzGcJXr5~ zhD~gLskL0sRO#Vi4-9oRXU2Q^RsF`7su58mBcpNI<{BVIJ3T6Q-yA8nyQWjTHJo1o zSvv#??AB2Erbk<%)~hvttNs(hX*I&f9;+CJ=~U}=+k*sX8vF4?Jf~_23_+cH=T)1m zOKD+{9BCcGgcNfwN7`u zDXnSAua8F9CTh*%FSON1b_0`L4vO$Tn4> z7u{D%R7+U}jUVyyjv^RY)zSo6A=e8h79ZC9MRA!jcc2G?eJZa2hHvGbgUh}s`uWi( ziZGi|nY)aS^V~6A%{3|g=A{53P`!MwKuwz!*KaEZrRzc6K=>t(qkJaS-tahCMYF!N zF2x4pNM798;l)%0ezNwqN$wE|u#22o6bzCAppkL$nyO8Xq5nCEtgij#?0{BuySJRK z6{tQspH+UL2#0ZDdLXo*RpZ|sYb~ckOqeVw3(NMe7f6kLEocbPd+l;kWBzWo2lu% z=3i|X-yWXOcX>E_+u%a0&{-XuY|fWOZY$lPqH2T;iYjo=#g(nSm1HAF^}p~j>Q^5K zb*P{e&$(&l<*A^I+nPm062-o;H-6fI_7rD5o{ZY)m_Of&Z=SC^9v_PLJ2#a23h=&` zzUR2XSxLvgJ0eKTz^r)&>nPkEBVO|5ljC!>rxjIINq~H`6A!c$3E)eY@_4;G58ST zwNw&8l0*N~+2I!l=zFIao16uJv&yp@)AMJJ)?7K+>xs@61UYe%`%~Zx*brCNfJ7U+ z^?y`aWpFm|#j6`YPTFLHl70?A6g=?VsS@{1k8RtjnNJ=YQ~v_!teR5b6RRMgL=NR@ z?H|x_3-#qR=5N$o=6xZ!M+Axh*_vf!m^nW$6ak)mf~4aFJ#U0cWbhVM**yQj3Ft|t;X#Ik6{r5SxeShq3MFN-5`|{Kao%G(H`~^U}l>f86&BuT3DjY|` z|9?Kf8_$paB^3rYGJ!&fz%_CI#5*euegTdqkmf?%zyA~O%}Va?#0tEL6>ke|AQ3{R zcPYtc&(;55ZJIZ@diM?2pz2yzYfk>0A3uInR#l~EQjU$Mcr{x@E@HI#2%+!?>jPzh|&dqb5#G2i9RUSejfa@N6G*MRc|S)dUqVYr2P) zRE>q0%`@KaT&$&nOi$0cFShkFd>!&;W@d(!OZ3Ha{@{O5T%qBQf<;~WSkfoEJ5iof zP@t#R>BP0vPypt5$~ZqCfUfW=DK0Xyf{NSC6FS@i7UOYdeel+w$CPh);stRtejtE1 zT(=lXM^{rcIJgKTEa*)<;)MHNvq+0#6pR7SbwB1}1$No}(alXtK+Coq^@jG$$b@=E zy=f1jKt1_tmR4CJ_$(c~ghiF+)y$oI0CU9XctM%)!|tHyG}0tw(YuWrBOBpgBFm4^ z({dX6rH&Br-1meZvs~4~>)=}di{byvBnT-U5-MrodBSmU+G?R!;^1SB1%+fAE(nhlL?c2GB!2= z?t%CxIzse&CANc%`ROJ{<-^yni|E<|CEZ^@A12TvmU7FqY+cD}(nDhzKUUfbf1FlC z#kraPon_lRiGIUUycS8VHecbe=6)`b=R4D=`kHqI{r#^wtx@g@PMa;Cie0G<7 zcRa+Dx)#5D($h{*-t`LPE79n|7%3(9>#dP*MaOu2!&jx&SM=X6NefX6tDUa&=zrn)+3VQkQ#?2u^NozZ z!!KG`PnC-8u>CRDYmY}kxbUD&gEdQ;^gFin95=>)B2^5x>6~DPs|OWOnD*AO50t5u z46C%dBD77%dCK^x+Dd;r^eu|9LCX2RIrn zSwS9eq8H^d133G0*Z2cJl*v~dNNdJtV`xl$;U>AXhm2)1n$EGy66UBz!xco8r>=a2 zN}tNgp@BX%b|w4O$*l1uM>XkK7&Q397L0rB#D}zo`fX1Pns#OJXK%d&*0vSYKtnkC zHH#~aC7+|CX?lH+*#-Pa}KU0UQxozVszNszA^T zk~z2n-g#{W{S|vQ_`}Znvk5kMf-BTcK^0i<6<4MYnZnQ!!zj9_Wg&D3mwK8I)nrAZ z*^I`KSVwaehdn)(gi7Hwut4_Zy1|86{I}lq>x6D-bmVK|Eto6ad_~`a+qOZen@oIQ zppecfQsxsRmx*PQ8T(Ys78%(ZYT#62I{O66K-}#hu-Z#JChQjQE)31liGoL^_@*4q zxi57H!^fhl>gqm}7}rhl=0aQ~qU4>nwK;wc=+R0=?sWABo@IbJ+_Yx6It^x~rqr=j zeAo`AFh5F@L%IH#xt%j6X%`1+Hd>&ZrsaauRV>^fh4T$FmVl~z9am@-v2V>!`e!)J zLsk0a$y-j9X=ei3sSN4Y;I|d1Z$?U69Y+>ZmvVoZo0y*-YflAIq0SB-lKDA zx(z-GSv)3w#;AGs;mxL(iGn@K8Fdp<eFm?l;KG(qbN`d zDdBa&t`Blbl~u~qFCfnQxo4!;6*jZmHM6I?b^^cbQVw zktvAP2UkR&Cl*p|veGf}zbSs9$Uv$9drM2$z3}&5@yr|7zghr?*#mIy72@lUJ0RDU(c*SDd62XVCyGaadtog~1Efx9_+^ zGj#Kkz7=L~oxNULB8gD5fysGsoIRrPAfDd!#Yl z+jN(70mFV3ekhHw9HD?pxNK`8={V`x&)KOsqCdqemsS==00x_iXbwhP_DsB8CAXU6Hut43{0_{5}=DC`Py&PN9A@y{!khu`n&=@tcvd z`Yc%V8WmeuB!t=}8ejE||K z1!$$~{g1oflCVWuriZKPsz$J=Ym_Wdxp4SXcOn6w0*vP`8s&6a-|&|9M)KmGz4>DD2k(qe zuZ?T1Un`YkwD6L`aSU+NL}T~*9a1Pnav-*TetvmJVv%347!NP+}SYB9@W|(#}M<3ll|0 z?31xG91`Y8M(Y$a4HRDw?5SpF`79xT&C1#ti+;2?{pGq$)ux^>BiX*)@A= z897F+6n3XiGfAA}63fp{)2{K4wQ_%hsC^}6X8r_Q0HQS?Mx$5}rpJXfFV;=GTv2{+WHkHi!Hb4DMI)ubmjd~a5@udr@Lsil zdBtP{cP_vVcuTot&p!b6o*Y&Q4aE7?CyO~bpw^=z{hI67x>!H^ZVOY_HJGu*5(GL3 z%`85&$+^JU`Ac#{9{+eg%gb8{?$#XdYUUSTuX2Ko>{CRTx|h#c@zYb1@ivFipg3o!w<#5Pa+=ImoIL&3zC(OoJw=&k|mRhdsA}4aNjvlc}eB74E`4Qf7dT2m`{q{Y1it=&&%= zXqXiOVlvOgR_6&G32=F|vK#@q3*?*wQPiKS%n6r0U8xNezlLYj4QLN~R3s5nYSm6Q z>(x$@z!wyeL5YY(w5J!>DUFrpqDRFF^0Eu7)w9ejlWn?`V6dfM%rs!Cc68WcT?QZ7 zf4IbOKLp5OfU68r{m#<|T4s3Gv*Ign-cHug9S_sIEN=|+Jv`ZQP=>m_2W2a@zN8ZQ zIUOmMqQMrH#S}nRN1;Y%~c zrW7$VpZV0_09@3rcWuW+5x^AxMkoJ2C+qH2Vs09|$PrZ*wq*jEn~dJ8OIs}A;n-|E z(SR?{1>yi{VxoU_X+u5FtnyleDe=e);0BVUk=b}4()UYEXG}Bqs1RMm!*vhqy&KpC zuDmcGN6MD_3PGm1I{TaCVqQWYvMx8JtfJE4&L!Z*IR?ZFs_9PIdkO(KY>etX1O=eG z<`es0`@6xXtPU>cCiRQ)-o<0cCObMQj_>~t&%n_vb`2tb*jl{NEQ*i6X^Z;p{SXHa{8_}}AqkJHI zOpN>AdWhEJx~z4Z^p=7^BXWM8T8&=W*-|e%M?s6;T;=A=b59$t%o|_jKmGLZ5VR6z zG+9&Fp2dhszOsk#rH5|`4AN#x$W~koVTn9x*2ma>I3B&M=& z5yqNrgb-seGw-?Ydq&Uy|Ka`ketORD*K(gZ_c_JAU`lv8u{pA z>Bvo~^2-dsmQW~2Q}ex6wh!U4Ly2eN)jeyWw$*pF|1NpakPJH6&X$u}7^A0G@|F2t zS?fdQ49>QV%;Rm4tO;H2V4_MndFA9QetZ!$0twJSX-zmPh(7=Yoba@Y3ao??@LdI8 z_y8qi(=|ztmml4$pn#B7;_Qo}xcP^Hlg)%7y!~ZF3Db$BX_S8qkmJqM;^%EN z1`h|;z52)OlPb>?aEl6*a%H^4p>TNaVt;I>dRy4JbxR>I(3C$Bf;%K2v=YVkc)@EB z33rFHtpo^GhQmf42WtsyL45++;8*sAsk7GjY5wOQI^YT%pc8h=!4&aGe!0g40jS}_ zPvD*jzw$Yeb?m7D9rx&D-6<$?9raVBUiU=DKD^{c@wz{<+4DsuLbnIwwt?!V=9P#S zDYr?OiaIiz$lHwUAcR8QfKuD|BaZo}B3b8rsu61&N z{c6ouIuag}=w=Feo#I2OP-}o8jFCpWbrP=W=X2<>JiC7|O2uB{+F=0nrlAy7s1k64 zalJRP5Y?Ti`ut;eT1f$}JP!Bn@Yf^A{l+E*hj420 za_sR{NCXk8PLktVEax?9FF2V9vwI33yi%q-%H@0z$S9P|0iD(5@+D;BJ>Vhbj-u>~ zvVUG#f!HG8U z+d&f(y7Y0k1VwV%HTe5oDG>0K8^~+KIbLwERzYtRFzS@@iY1iT;pB%^67N7lA;qa= z8&;k}=z(K6? zkTkg%OV;=hw0zbhJs0XBL-|td_A>AjD7Y&F0{i6jH670~I_5ib@C?fDdKyG{jXN!S zPC3mEbfn$v{Z(`KDu7mQjGcuhCFuEGTv<)r+Xta{86uIv5>?+ep~XniQL50sR4dMK zu_%DH@G2hvT4-{N*IT!Je-K38((6L4Im6CBn*4-qziXPZbK7Qf!L383CHz;_CO<4O z;uYKB;dv=VticX)(K=>U?{}4TTgcpNVubXd*pssyTKiIL+_%%ad43bxkP>1Y8{urS z?=pnt;cH8Tso0>v@t5|b;2TOe<0pKyeY)Ly00^fzlFrKK>b|uZ(Ori=X>V2R)Hs}4 z)AR&;A3{jg_=lzT{kAHa^D14yO>cgID3>jIgd2*diyXtO++NlNx*~(uMO5{U+r>k2 z08_*EXpl;qgq_eIhtO{Idh!V?co}3sd@*sUXwRFw!vKTn7e9YK<^z6(N}rsxkm#H% zZK|VWPH8W5a^8d~4^a@0*HBizdMeNKuo1~_fyVmvNwVzLi~B;yIqZbORe#nwVP18@ z-Lkt^-Q$RJR)OJabN8j-Es zA!&XnYD6n)M0b_0=+p0h&;(cqo{S@XJUih_gccy}CJ46m1{B%T=D6Sv!haw)%O+lKwj2O~ zk`lys7ILWQ2bFgvca-f=D_IQrVvB#)xPRkQXgn^k&^K62W)Xj~Vh6?X7n)g>EUs!J z1D#LAZG%7p#qD82RAgkH_>|CY+fp%GBT?Vw`A}J_1BptK@QoEzw4)FKM4# z*;ZS8wr%!uGwYv{1DX7ZxpS3!&(H>9A)P75Wfm5r=)xkjst0$?4TdtX4O7ge53bEW zB!Q6z>s!$3sC@Ajt@`yHQ3J2Z?Ni0USXQ%ou(WgcbXVNA{NksDc8rnZ5dL%RRc_{M z(0e<&$k~ii#ys~rRZ&3}LDr!aTs<+U-0F|aGbKpiFH~H75x7&QA4dpsy z&K%E)z!&x|M?p&LXGKEM^@x~flG8&N7TA#t^iNg=;RO|=Aj4+Gs6ol4*o4VjCAE@1 z%-Ao-^}PPV@0^`B!I~0vT8hC!F_pOeHp`|Hxu)-C3|OAj9VF-UOj8Sm@9U%XLjLZ} zTex781Duj2D$8C!qML$Oy`zWGG0)}6}@ ztQ)5+>)QjE)f1$+LKo&}<0pwBKE2ZRyWykYW3k9OR)-D z|HypAOuhFlJGnDvpYZ5U0p1_vfxxuw1|cQY?Z&)zs);=(_u8`(U*(nAx%TgMF*$%< zMz?$wX9YpB^HlcxghJ*#)_~$mvS(SkED`eQJev)9MG`O~Exf>lP(0)qpHs8)sUHW^ z#So(W)$nGD+?o5kR;OfNw9KE`oqcqJ_?-fKeZ8q*`4^%t2B2fNQ3!9z%VPyKte}bc zs!o#71!ATzZ+MJ_#k$z74@yN7T=T5J04uTQ`Csf->up?*bBgEEqX*a=)Ct48_zj9W z4N>pN$BcTl77vmP2v1n!&|*f^?+DespnOw+yvnlLOV>oZ$XYFgSREN^*Y3LFEIrt` zS&hD+Cfj>GOiD@P_5 zt>qZ>cV3AqcQULcR^=)Us){Fs>R}YNZB<!WS$j2B=TN%y=VcHQeq`K zBwwFWZaS?IBIzKMp(;K!{$ljvm~#H z4v$?Wlv7jWlnup`?^s{M{hb`OYA*)PZvZw-$CA1P6jxtOvpH|dCts~iR8lfs-)00^ z9f=m2Nfw7l_wgjgan<>HEQCh44(Dv<_0IQW?JdJuq$VDb7#`szg~t{+;55sUdy<}sJ$^<$v-C2?w*+ZF;?`D|e<;nWi)hEiEd z(>H2F4jTAF4~d|UbgB<41*+YfZv>aUsNP7NJs_0FU+!>4^5FdU*FSxaiSi)ToMTPL zd-zvRP6U&Qlha+z!v!^M=dqIBh3!lIL>klcT=5KT?DG%_;{RM3pc|Y#=Sb8$QH2&* z1?S}DA;KlU1Cm@iq5aQH+lRXHfpXzl`BX~H<)Trv!~D$rp7wJpV!a7$oHU61%y1WukI=XnY~dduYeJ3M*Cb)^Tv!(Q_yvO zZ?KAYY;p-RdR*ceq5j0+ah#IM?URfpGijH|uM$KG zs(I2oXWX=i<*A0fF)_)MwcjiOap=+yT+`$P$V$tlFC~5*xB-M3DIB9*cOxGzRI%}e zV_ykv^z%R(1$Cxv&SiApZ|o%H6d0*7P(?uAuQ&bIX#&oa?$g$g54kHgY-fw_ntGYE za8zOFt0s2SSLKEBv3@y;|g)jjo@`!V7SDb@-05ERa3 z(?!1+sz8&0N?T z$IW-RwMr9s(jyf_2UT|srFpByVag76%3L=cHf#7Rc`%q&E%U(r9@f=v%DvU|>MY%G zl3LJ9Iy%LQZCS2cey{VsdTcw3`^!S|IOwk4d@p4R2Pe5z()h1g4<<_$GxoSN*|cdkPgc)-G76u=q%LLL%&J7 zHmx+wU|sGcDdo^QzLTfESuK95`bnFTxp=dU@r1BHnPgSXI(CG)d3Z{gm3MI&y?c=5 zz{F2$9st$X=NHg?+&u?&bCFvt{+BIi*zp!D{_!=FBazIhD;CPtW+j zA8xon^DWV4b~4uq}Zlt;i%QqFlNMV)GrE*vMT ziiWMpMquu4dXdR7pJAY)fKzn!N47L8KN2~q%TBK%|Hsbu+;bTow(%x-U+}2EIfbo? z91DSOkH7^33^J;~-WAa6)swVcQ0KTp{uReewkn~%Tmc@kZWkDm?=9Q$So6GVV$x;= z!2z^W_~Vv=TbI9wbTsEP2;~?0y7xi#T0nKPC10)_#YGAJf1}L58F2am^$I3!s{N>mea!Ee_GQ(x0s3jM*M)w34EYgi2jJO4&!Cj= zf`I$86}++bGB`A30I%@BuC%6E=chI*L# z<-)EwSs*z9L{I(=kuq->q=MP7L~^&?K_0;_^q+>1>H;_;5b$(^J>}_8?zXy7Hn90R zjM*pbM5FS+K+zW5{2Eiu*^tFm%%*~KN~mA?80bfg*d`wg{0wOA?IKuX9%PLnx|1Wa zH<`K712*ZfjD=T2;q2kdKTvFcapR5_qjX0$HaI?vRcs$din?Js%pQ$CfS}mK1&t00 zj8Tvv!*qK7Ved(#4&{7$N(^3gR1~0{(=EQr&0AMC@BJ{@!H8YS$%DJ1z*rLvzg>$= zH@6+raVP~QV=&7K$mdMo#>O7JurFQReyn&W))2OW`Oyh1nfv!Xi1&;u)ef+iAm6Br&4v)^ z@r-ir4agiALB44O$j#A7c|By4fs!A~-haTbubfRy9Hv~p`!Cr4SE-12@72)MKeADw z^|x)z9|wD?pN7|>ClMY|OdhOKKZn-gD%28iJFF()Cv}j=@)Vt(}DF1$19A z>iNVt0OpANyWnG~-qKinD2=0nz>eU&hNTlSL)<(#OFF_~-11$@max>yRRc)Xs@?M7 z+6K=pXaqG@VG|P*gf7NxBB8kfuF3~T^gNq(M5EP?kjg;XETmm+a`9G}&>lpTH~q7} zUWBcRmN9&26=Zx=)2>#Sy)A~CAH2W0Bv#{O@0hw!Vx19( z2_1sL^~0aGBc2aJM~-qgIDciY2sl#>)%m=yVbok>RAa&OTHm!5tJGgQnJDv=Bp?T` zh$Ar8*VSG{Q74*(*G=b>^lq-M zZe!!vtr5Be$=KP{S6owJ_J|(g0{5Ll2kjlb$VB6*H-3JeW*pQi!xyGK;~55Yo2#sm zK;P-VhCXv6z)Cs`Yx`no4b{SrJ)TTpsjo5 zO=m{Wilt9IuSv{-R|2d>=-W5$3Uj5xF;CQBy2KR%iq104yX_soJvI0tE9>A2zPYv% zVzTYZIx$M$HLqEVAIaE=-mn{n1hOM)esE3E7nb@$7W$3#V23?4D0eFMkcZo|PXqKC zkM#5f&!R4HIUf{x=rD8itdDB*5SxY`7F_ftdR!x_Qlh*N!wyQLCnT)V(X+jzC+HM7 z4q6smfyKJSZ@RgDf>N(rHT#$_9=kyZ1|%P(my3$uTs?y3uGHmf=os_x8v3dWBN!Z8 z=ETIrBx2mn(VBRvugyGT%|PMyB=Jp-t~qOP*wTdkh!lI?*Lx~z-<1Byb;OV_JZ z7n5IiQ__W1MSl9lZzQo*bE6j^wKLv*>b;hMH-GsP#x;FgKrRRNLg!k7tJaf7@m6W2 zO_K#U7`s|s>%|H_yF?J{PjeG*(j0>5Dg4Rl2@W?!>UwRXrfRK@g5zH?v)+nevHN z6@NOdrm2#hX=)D0E)d3Tr*@yCzCbL+QoIBG)2+2sK|u8n!<6?6j_~$^^l&{YpD4z< zp%;i1e0r4^Kw6d2d%sylzC|@ok{g6|MF%<_eJ^HV2s2wm^A4=f33EIarHnb2WOijs z%aJ>Dd)Ji^*D)$D z*V)VLm>k&^Yg|c$=T}ZR=d9T4d#ChUkhB%4jHJGuA}Q&S<*V)g0|>zw2Rfc!7TJcn6t{&w}>75B&RB(@j*fLT-LXtuA;=5 znHd}8b=(!Ig+f3OCB9Ou-{0zNYz+1OeMIy)sI1ZBX}oisg8hd5c1o{uq{JN0TpZW5 zVB7Avwf&sU#P@i47SDpl7kQ*2Yw_@xMcy;NjqkM($=;a_O_;AclH#_v5w)YX1y)UEbc z$K0X;eR0kSjkczr45UnFMn!38 z@X>5-@+rab!KyCi-?OW<+a;eHbd~jwBfU?7-WB=q)t3tHIlc?>-}C&{rKRbXH*p{+ z2`;q?(ZSS)&1Bh}Gp!=RMugcJ#G0i|yvnr#kcM9(n@Epao}liaWlGNRbCt$1jLBc4 zO{6iwvQlCkV8~jdfy-X656Wl65+Y6vj_}Rmhnet?4?b_y<59x@y*NEBeWE}R&qsdh zIwgf4r>Tfz(D2R%g$mX+@bU_}B`v2K6Jv2L=aM->7FY52ePc=3 zX)4IYdcrXPz8i@n?@k?6+#;Ku?Eka^xCgM)pTrJMj*T`DSiEb@La=$>+IdDBbmZ&dv{*n z3hN-??vJWWvM~^C71^=@*~WAiWnY@N_@k78!O`~Uanuq{5!qK!fJ^oBuo ztGk{@cae(x&KLI=*+d_q5>&9>YGe&v-W+lZb-DQL$rI&nntgZmRCb*t2r!@5`)yaE z$-L@p!#YU5B});-<|$^g9t@TxPR5X|Mcc78(>(^X>fYBe#F zyq{XI)!_{JAp3&$CwUF64M)|;-5WBe-xSQ&tJ_b|`=^|i%j^~jMaxgC8)A~}b7Wbb zDl~PKD+?A6JDsVw-phZR2@)?l-@|Q|gBf}Ejn?_X)253&H?`_}W=?_iWbKrR(H+ z|Eyvg){7F#TX-rFCwnUIet@Ui@7xIYvZ{Yt>%@)`Q zMf^ux|FP450tDfO|3oH?f&Y}mfBN|U%mSIV4_GyKzF_`Y9YlNjI>slmk2~D{AE0wr A=l}o! literal 0 HcmV?d00001 diff --git a/charts/grafana-sampling/templates/_agent_config_deployment.river.txt b/charts/grafana-sampling/templates/_agent_config_deployment.river.txt new file mode 100644 index 0000000000..c78b8e702a --- /dev/null +++ b/charts/grafana-sampling/templates/_agent_config_deployment.river.txt @@ -0,0 +1,5 @@ +{{- define "agent.config.deployment" -}} + {{- include "deployment.receiver.otlp" . }} + {{- include "deployment.processor.batch" . }} + {{- include "deployment.exporter.loadbalancing" . }} +{{- end -}} diff --git a/charts/grafana-sampling/templates/_agent_config_statefulset.river.txt b/charts/grafana-sampling/templates/_agent_config_statefulset.river.txt new file mode 100644 index 0000000000..44e8b7f671 --- /dev/null +++ b/charts/grafana-sampling/templates/_agent_config_statefulset.river.txt @@ -0,0 +1,18 @@ +{{- define "agent.config.statefulset" -}} + {{- include "statefulset.receiver.otlp" . }} + {{- if .Values.metricsGeneration.enabled -}} + {{- include "statefulset.connector.spanmetrics" . }} + {{- include "statefulset.processor.transform.drop_unneeded_resource_attributes" . }} + {{- include "statefulset.processor.transform.use_grafana_metric_names" . }} + {{- include "statefulset.processor.filter" . }} + {{- include "statefulset.connector.servicegraph" . }} + {{- include "statefulset.exporter.prometheus" . }} + {{- include "statefulset.prometheus.remote_write" . }} + {{- end -}} + {{- if .Values.sampling.enabled -}} + {{- include "statefulset.processor.tail_sampling" . }} + {{- end -}} + {{- include "statefulset.processor.batch" . }} + {{- include "exporter.otlp" . }} + {{- include "auth.basic" . }} +{{- end -}} diff --git a/charts/grafana-sampling/templates/_helpers.tpl b/charts/grafana-sampling/templates/_helpers.tpl new file mode 100644 index 0000000000..eabc133596 --- /dev/null +++ b/charts/grafana-sampling/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* use the release name as the serviceAccount name for deployment and statefulset agents */}} +{{- define "grafana-agent.serviceAccountName" -}} +{{- default .Release.Name }} +{{- end }} + +{{/* Calculate name of image ID to use for "grafana-agent". */}} +{{- define "grafana-agent.imageId" -}} +{{- printf ":%s" .Chart.AppVersion }} +{{- end }} diff --git a/charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt b/charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt new file mode 100644 index 0000000000..2a34fe93ba --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt @@ -0,0 +1,8 @@ +{{- define "auth.basic" -}} +otelcol.auth.basic "grafana_cloud_tempo" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.auth.basic/ + username = env("GRAFANA_CLOUD_TEMPO_USERNAME") + password = env("GRAFANA_CLOUD_API_KEY") +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt b/charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt new file mode 100644 index 0000000000..f3e97c52e3 --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt @@ -0,0 +1,20 @@ +{{- define "statefulset.connector.servicegraph" -}} +otelcol.connector.servicegraph "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.connector.servicegraph/ + dimensions = [ + {{- range $.Values.metricsGeneration.dimensions }} + {{ . | quote }}, + {{- end }} + ] + latency_histogram_buckets = ["0s", "0.005s", "0.01s", "0.025s", "0.05s", "0.075s", "0.1s", "0.25s", "0.5s", "0.75s", "1s", "2.5s", "5s", "7.5s", "10s"] + + store { + ttl = "2s" + } + + output { + metrics = [otelcol.processor.batch.default.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt b/charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt new file mode 100644 index 0000000000..1c12d34c13 --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt @@ -0,0 +1,26 @@ +{{- define "statefulset.connector.spanmetrics" -}} +otelcol.connector.spanmetrics "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.connector.spanmetrics/ + {{- range $.Values.metricsGeneration.dimensions }} + dimension { + name = {{ . | quote }} + } + {{- end }} + + namespace = "traces.spanmetrics" + + histogram { + unit = "s" + + explicit { + buckets = ["0s", "0.005s", "0.01s", "0.025s", "0.05s", "0.075s", "0.1s", "0.25s", "0.5s", "0.75s", "1s", "2.5s", "5s", "7.5s", "10s"] + } + } + + output { + metrics = [otelcol.processor.filter.drop_unneeded_span_metrics.input] + } +} + + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt b/charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt new file mode 100644 index 0000000000..f2ec7ef43e --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt @@ -0,0 +1,22 @@ +{{- define "deployment.exporter.loadbalancing" -}} +otelcol.exporter.loadbalancing "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.exporter.loadbalancing/ + resolver { + + kubernetes { + service = "{{ .Release.Name }}-statefulset.{{ .Release.Namespace }}" + } + } + + protocol { + otlp { + client { + tls { + insecure = true + } + } + } + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt b/charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt new file mode 100644 index 0000000000..6b1c68285a --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt @@ -0,0 +1,10 @@ +{{- define "exporter.otlp" -}} +otelcol.exporter.otlp "grafana_cloud_tempo" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.exporter.otlp/ + client { + endpoint = env("GRAFANA_CLOUD_TEMPO_ENDPOINT") + auth = otelcol.auth.basic.grafana_cloud_tempo.handler + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt b/charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt new file mode 100644 index 0000000000..9813580b4e --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt @@ -0,0 +1,8 @@ +{{- define "statefulset.exporter.prometheus" -}} +otelcol.exporter.prometheus "grafana_cloud_prometheus" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.exporter.prometheus/ + add_metric_suffixes = false + forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver] +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt new file mode 100644 index 0000000000..4c1f6b58cb --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt @@ -0,0 +1,22 @@ +{{- define "deployment.processor.batch" -}} +otelcol.processor.batch "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.batch/ + output { + traces = [otelcol.exporter.loadbalancing.default.input] + } +} + +{{ end }} + +{{- define "statefulset.processor.batch" -}} +otelcol.processor.batch "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.batch/ + output { + {{ if .Values.metricsGeneration.Enabled }} + metrics = [otelcol.exporter.prometheus.grafana_cloud_prometheus.input] + {{ end }} + traces = [otelcol.exporter.otlp.grafana_cloud_tempo.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt new file mode 100644 index 0000000000..b02087ef7b --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt @@ -0,0 +1,17 @@ +{{- define "statefulset.processor.filter" -}} +otelcol.processor.filter "drop_unneeded_span_metrics" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.filter/ + error_mode = "ignore" + + metrics { + datapoint = [ + "IsMatch(metric.name, \"traces.spanmetrics.calls|traces.spanmetrics.duration\") and IsMatch(attributes[\"span.kind\"], \"SPAN_KIND_INTERNAL|SPAN_KIND_CLIENT|SPAN_KIND_PRODUCER\")", + ] + } + + output { + metrics = [otelcol.processor.transform.use_grafana_metric_names.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt new file mode 100644 index 0000000000..0e752a8089 --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt @@ -0,0 +1,60 @@ +{{- define "statefulset.processor.tail_sampling" -}} +otelcol.processor.tail_sampling "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.tail_sampling/ + + decision_wait = {{ .Values.sampling.decisionWait | quote }} + +{{ if .Values.sampling.successfulRequests.sample }} + policy { + name = "sample-successful-requests" + type = "and" + and { + and_sub_policy { + name = "status-code-policy" + type = "status_code" + status_code { + status_codes = ["OK", "UNSET"] + } + } + and_sub_policy { + name = "probabilistic-policy" + type = "probabilistic" + probabilistic { + sampling_percentage = {{ .Values.sampling.successfulRequests.percentage }} + } + } + } + } +{{ end }} + +{{ if .Values.sampling.failedRequests.sample }} + policy { + name = "sample-failed-requests" + type = "and" + and { + and_sub_policy { + name = "status-code-policy" + type = "status_code" + status_code { + status_codes = ["ERROR"] + } + } + and_sub_policy { + name = "probabilistic-policy" + type = "probabilistic" + probabilistic { + sampling_percentage = {{ .Values.sampling.failedRequests.percentage }} + } + } + } + } +{{ end }} + +{{ .Values.sampling.extraPolicies | indent 2 }} + + output { + traces = [otelcol.processor.batch.default.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt new file mode 100644 index 0000000000..7963a325aa --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt @@ -0,0 +1,46 @@ +{{- define "statefulset.processor.transform.use_grafana_metric_names" -}} +otelcol.processor.transform "use_grafana_metric_names" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.transform/ + error_mode = "ignore" + + metric_statements { + context = "metric" + statements = [ + "set(name, \"traces.spanmetrics.latency\") where name == \"traces.spanmetrics.duration\"", + "set(name, \"traces.spanmetrics.calls.total\") where name == \"traces.spanmetrics.calls\"", + ] + } + + output { + metrics = [otelcol.processor.batch.default.input] + } +} + +{{ end }} + +{{- define "statefulset.processor.transform.drop_unneeded_resource_attributes"}} +otelcol.processor.transform "drop_unneeded_resource_attributes" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.transform/ + error_mode = "ignore" + + trace_statements { + context = "resource" + statements = [ + "delete_key(attributes, \"k8s.pod.start_time\")", + "delete_key(attributes, \"os.description\")", + "delete_key(attributes, \"os.type\")", + "delete_key(attributes, \"process.command_args\")", + "delete_key(attributes, \"process.executable.path\")", + "delete_key(attributes, \"process.pid\")", + "delete_key(attributes, \"process.runtime.description\")", + "delete_key(attributes, \"process.runtime.name\")", + "delete_key(attributes, \"process.runtime.version\")", + ] + } + + output { + traces = [otelcol.connector.spanmetrics.default.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt b/charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt new file mode 100644 index 0000000000..386a604a5a --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt @@ -0,0 +1,39 @@ +{{- define "deployment.receiver.otlp" -}} +otelcol.receiver.otlp "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.receiver.otlp/ + + // configures the default grpc endpoint "0.0.0.0:4317" + grpc { } + // configures the default http/protobuf endpoint "0.0.0.0:4318" + http { } + + output { + traces = [otelcol.processor.batch.default.input] + } +} + +{{ end }} + +{{- define "statefulset.receiver.otlp" -}} +otelcol.receiver.otlp "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.receiver.otlp/ + + // configures the default grpc endpoint "0.0.0.0:4317" + grpc { } + + output { + traces = [ + {{ if .Values.sampling.enabled }} + otelcol.processor.tail_sampling.default.input, + {{ else }} + otelcol.processor.batch.default.input, + {{ end }} + {{ if .Values.metricsGeneration.enabled }} + otelcol.connector.servicegraph.default.input, + otelcol.processor.transform.drop_unneeded_resource_attributes.input, + {{ end }} + ] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_prometheus_remote_write.river.txt b/charts/grafana-sampling/templates/_prometheus_remote_write.river.txt new file mode 100644 index 0000000000..1ddee68f17 --- /dev/null +++ b/charts/grafana-sampling/templates/_prometheus_remote_write.river.txt @@ -0,0 +1,20 @@ +{{- define "statefulset.prometheus.remote_write" -}} +prometheus.remote_write "grafana_cloud_prometheus" { + // https://grafana.com/docs/agent/latest/flow/reference/components/prometheus.remote_write/ + endpoint { + url = env("GRAFANA_CLOUD_PROMETHEUS_URL") + + basic_auth { + username = env("GRAFANA_CLOUD_PROMETHEUS_USERNAME") + password = env("GRAFANA_CLOUD_API_KEY") + } + queue_config { + retry_on_http_429 = false + } + } + external_labels = { + "__metrics_gen_instance" = env("POD_UID"), + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/configmap_deployment.yaml b/charts/grafana-sampling/templates/configmap_deployment.yaml new file mode 100644 index 0000000000..0255b35e12 --- /dev/null +++ b/charts/grafana-sampling/templates/configmap_deployment.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-deployment + labels: + {{- include "grafana-agent.labels" . | nindent 4 }} +data: + config.river: |- {{- (include "agent.config.deployment" .) | nindent 4 }} diff --git a/charts/grafana-sampling/templates/configmap_statefulset.yaml b/charts/grafana-sampling/templates/configmap_statefulset.yaml new file mode 100644 index 0000000000..2a0a5499f1 --- /dev/null +++ b/charts/grafana-sampling/templates/configmap_statefulset.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-statefulset + labels: + {{- include "grafana-agent.labels" . | nindent 4 }} +data: + config.river: |- {{- (include "agent.config.statefulset" .) | nindent 4 }} diff --git a/charts/grafana-sampling/values.yaml b/charts/grafana-sampling/values.yaml new file mode 100644 index 0000000000..71b9ab18c6 --- /dev/null +++ b/charts/grafana-sampling/values.yaml @@ -0,0 +1,140 @@ +metricsGeneration: + # -- Toggle generation of spanmetrics and servicegraph metrics. + enabled: true + # -- Additional dimensions to add to generated metrics. + dimensions: + - service.namespace + - service.version + - deployment.environment + - k8s.cluster.name + +sampling: + # -- Toggle tail sampling. + enabled: true + # -- Wait time since the first span of a trace before making a sampling decision. + decisionWait: 15s + successfulRequests: + # -- Toggle sampling successful requests. + sample: true + # -- Percentage of successful requests to sample. + percentage: 10 + failedRequests: + # -- Toggle sampling failed requests. + sample: false + # -- Percentage of failed requests to sample. + percentage: 50 + # -- User-defined policies in river format. + # @default -- A policy to sample long requests is added by default. + extraPolicies: |- + policy { + name = "sample-long-requests" + type = "and" + and { + and_sub_policy { + name = "latency" + type = "latency" + latency { + threshold_ms = 5000 + } + } + and_sub_policy { + name = "probabilistic-policy" + type = "probabilistic" + probabilistic { + sampling_percentage = 50 + } + } + } + } + +# @ignored Ignore agent deployment +grafana-agent-deployment: + # -- Do not change this. + nameOverride: deployment + controller: + type: deployment + replicas: 1 + autoscaling: + # -- Creates a HorizontalPodAutoscaler for controller type deployment. + enabled: false + # -- The lower limit for the number of replicas to which the autoscaler can scale down. + minReplicas: 2 + # -- The upper limit for the number of replicas to which the autoscaler can scale up. + maxReplicas: 5 + # -- Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. + targetCPUUtilizationPercentage: 0 + # -- Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. + targetMemoryUtilizationPercentage: 80 + agent: + # This chart creates the configmaps + configMap: + create: false + resources: + requests: + cpu: "1" + memory: "2G" + extraPorts: + - name: otlp-grpc + port: 4317 + targetPort: 4317 + protocol: TCP + - name: otlp-http + port: 4318 + targetPort: 4318 + protocol: TCP + +# @ignored Ignore agent statefulset +grafana-agent-statefulset: + # -- Do not change this. + nameOverride: statefulset + controller: + type: statefulset + replicas: 1 + autoscaling: + # -- Creates a HorizontalPodAutoscaler for controller type deployment. + enabled: false + # -- The lower limit for the number of replicas to which the autoscaler can scale down. + minReplicas: 2 + # -- The upper limit for the number of replicas to which the autoscaler can scale up. + maxReplicas: 5 + # -- Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. + targetCPUUtilizationPercentage: 0 + # -- Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. + targetMemoryUtilizationPercentage: 80 + service: + clusterIP: None + agent: + extraEnv: + - name: GRAFANA_CLOUD_API_KEY + value: + - name: GRAFANA_CLOUD_PROMETHEUS_URL + value: + - name: GRAFANA_CLOUD_PROMETHEUS_USERNAME + value: + - name: GRAFANA_CLOUD_TEMPO_ENDPOINT + value: + - name: GRAFANA_CLOUD_TEMPO_USERNAME + value: + # This is required for adaptive metric deduplication in Grafana Cloud + - name: POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid + # This chart creates the configmaps + configMap: + create: false + resources: + requests: + cpu: "1" + memory: "2G" + extraPorts: + - name: otlp-grpc + port: 4317 + targetPort: 4317 + protocol: TCP + # The statefulset and deployment can share the same serviceAccount and rbac roles + serviceAccount: + create: false + rbac: + create: false From 1e803f80bcb8ca5522824e5563c9cb804c564243 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Mon, 8 Apr 2024 13:01:03 +0200 Subject: [PATCH 176/211] fix: Push charts to GHCR requires login (#2998) Signed-off-by: Marco Maurer --- .github/workflows/release.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 800c0a59b9..e46c9e748e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -47,14 +47,19 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_SKIP_EXISTING: "true" + - name: Login to GHCR + uses: docker/login-action@v3.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Push charts to GHCR run: | shopt -s nullglob - for pkg in .cr-release-packages/*; do + for pkg in .cr-release-packages/*.tgz; do if [ -z "${pkg:-}" ]; then break fi - if ! helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts"; then - echo '::warning:: helm push failed!' - fi + helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/helm-charts" done From fd1b69d33a0fcbf7ebc5df22e394b132d72aa0ad Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Mon, 8 Apr 2024 14:42:12 +0200 Subject: [PATCH 177/211] [loki-distributed]: update AppVersion Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 2 +- charts/loki-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 02bde88422..f6befe5899 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.4 +appVersion: 2.9.6 version: 0.79.0 home: https://grafana.github.io/helm-charts sources: diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index f51f6e671f..d40ea8b510 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) +![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.6](https://img.shields.io/badge/AppVersion-2.9.6-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 32ac08b9dd50f16d0a544f754f739089bac398fc Mon Sep 17 00:00:00 2001 From: Gritzko Daniel Kleiner Date: Tue, 9 Apr 2024 08:33:06 -0300 Subject: [PATCH 178/211] include review suggested by @zanhsieh Signed-off-by: Gritzko Daniel Kleiner --- charts/grafana/templates/_helpers.tpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/grafana/templates/_helpers.tpl b/charts/grafana/templates/_helpers.tpl index 570b92742c..f3ebc37c93 100644 --- a/charts/grafana/templates/_helpers.tpl +++ b/charts/grafana/templates/_helpers.tpl @@ -145,11 +145,11 @@ Return the appropriate apiVersion for ingress. Return the appropriate apiVersion for Horizontal Pod Autoscaler. */}} {{- define "grafana.hpa.apiVersion" -}} - {{- if .Capabilities.APIVersions.Has "autoscaling/v2" }} - {{- "autoscaling/v2" }} - {{- else }} - {{- "autoscaling/v2beta2" }} - {{- end }} +{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }} +{{- print "autoscaling/v2" }} +{{- else }} +{{- print "autoscaling/v2beta2" }} +{{- end }} {{- end }} {{/* From df8e0423badcb7e15fcf77637deba16be9ba614c Mon Sep 17 00:00:00 2001 From: Arve Knudsen Date: Fri, 12 Apr 2024 08:51:35 +0200 Subject: [PATCH 179/211] rollout-operator: Update to v0.14.0 Signed-off-by: Arve Knudsen --- charts/rollout-operator/Chart.yaml | 4 ++-- charts/rollout-operator/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index acff27d8ad..817940e6e3 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.14.0 -appVersion: v0.13.0 +version: 0.15.0 +appVersion: v0.14.0 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index f0de8efaa4..360e462007 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md @@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0](https://img.shields.io/badge/AppVersion-v0.13.0-informational?style=flat-square) +![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.0](https://img.shields.io/badge/AppVersion-v0.14.0-informational?style=flat-square) Grafana rollout-operator From c946bbc836b6c5748326dd6d2f09a7a8ef4a8517 Mon Sep 17 00:00:00 2001 From: Tero Paloheimo Date: Fri, 12 Apr 2024 15:38:52 +0300 Subject: [PATCH 180/211] [grafana] Update to version 10.4.1 (#3039) Signed-off-by: Tero Paloheimo Co-authored-by: MH Co-authored-by: George Krajcsovits --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index ab3f6a3636..167bdf17a8 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.3.7 -appVersion: 10.4.0 +version: 7.3.8 +appVersion: 10.4.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From 6b7cfd944455a46b3c2f65010dcf7c48bd39cb3e Mon Sep 17 00:00:00 2001 From: Paulin Todev Date: Fri, 12 Apr 2024 15:27:25 +0100 Subject: [PATCH 181/211] Update helm charts for Agent 0.40.3 Signed-off-by: Paulin Todev --- charts/agent-operator/Chart.yaml | 8 ++++---- charts/agent-operator/README.md | 6 +++--- charts/agent-operator/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 769bc0b7af..7f83bf24b1 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.20 -appVersion: "0.40.3" +version: 0.3.21 +appVersion: "0.40.4" home: https://grafana.com/docs/agent/v0.40/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.40.3/docs/sources/assets/logo_and_name.png +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.4/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.40.3/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.4/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 49afcf11e2..693da6935e 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.20](https://img.shields.io/badge/Version-0.3.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) +![Version: 0.3.21](https://img.shields.io/badge/Version-0.3.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.4](https://img.shields.io/badge/AppVersion-0.40.4-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.3"` | Image tag | +| image.tag | string | `"v0.40.4"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 2c75016249..b1610a0321 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.3 + tag: v0.40.4 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 5e3fae68a26bacb10a6c70fe7d67ab703ff26275 Mon Sep 17 00:00:00 2001 From: Paulin Todev Date: Fri, 12 Apr 2024 16:06:27 +0100 Subject: [PATCH 182/211] Make Grafana Agent maintainers to be owners of the agent operator chart Signed-off-by: Paulin Todev --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b139ff55fe..ce6681f871 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -17,3 +17,4 @@ /charts/enterprise-logs/ @grafana/loki-squad /charts/tempo-vulture/ @grafana/tempo @Whyeasy @dgzlopes /charts/synthetic-monitoring-agent/ @torstenwalter @zanhsieh +/charts/agent-operator/ @grafana/grafana-agent-maintainers From f24cdb9b5530e6a9812797fbcecc600c3255a039 Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Thu, 11 Apr 2024 13:52:33 -0700 Subject: [PATCH 183/211] [tempo-distributed] Adds service specific features for enterprise gateway inline with gateway. Namely: * Service type * Service port * Cluster IP address (if type is ClusterIP) * Loadbalancer IP address (if type is LoadBalancer) The gateway component already supports these, inline with similar config options in Mimir and Loki. The enterprise gateway component does not. Can help in situations where specific cluster/loadbalancer port mappings are required for external IPs for a cluster. Signed-off-by: Heds Simons --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 11 +++++++---- .../templates/enterprise-gateway/gateway-svc.yaml | 8 +++++++- charts/tempo-distributed/values.yaml | 12 ++++++++++-- 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index ebf70e588a..41429d7631 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.1 +version: 1.9.2 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 02f86079f6..babba59334 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -387,9 +387,12 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.resources.requests.cpu | string | `"10m"` | | | enterpriseGateway.resources.requests.memory | string | `"32Mi"` | | | enterpriseGateway.securityContext | object | `{}` | | -| enterpriseGateway.service.annotations | object | `{}` | | -| enterpriseGateway.service.labels | object | `{}` | | -| enterpriseGateway.service.port | string | `nil` | If the port is left undefined, the service will listen on the same port as the pod | +| enterpriseGateway.service.annotations | object | `{}` | Annotations for the enterprise gateway service | +| enterpriseGateway.service.clusterIP | string | `nil` | ClusterIP of the enterprise gateway service | +| enterpriseGateway.service.labels | object | `{}` | Labels for enterprise gateway service | +| enterpriseGateway.service.loadBalancerIP | string | `nil` | Load balancer IPO address if service type is LoadBalancer for enterprise gateway service | +| enterpriseGateway.service.port | string | `nil` | Port of the enterprise gateway service; if left undefined, the service will listen on the same port as the pod | +| enterpriseGateway.service.type | string | `"ClusterIP"` | Type of the enterprise gateway service | | enterpriseGateway.strategy.rollingUpdate.maxSurge | int | `0` | | | enterpriseGateway.strategy.rollingUpdate.maxUnavailable | int | `1` | | | enterpriseGateway.strategy.type | string | `"RollingUpdate"` | | diff --git a/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml b/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml index 0698dc62b7..1c5c37b611 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml +++ b/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml @@ -13,7 +13,13 @@ metadata: {{- toYaml .Values.enterpriseGateway.service.annotations | nindent 4 }} namespace: {{ .Release.Namespace | quote }} spec: - type: ClusterIP + type: {{ .Values.enterpriseGateway.service.type }} + {{- with .Values.enterpriseGateway.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- if and (eq "LoadBalancer" .Values.enterpriseGateway.service.type) .Values.enterpriseGateway.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.enterpriseGateway.service.loadBalancerIP }} + {{- end }} ports: - port: {{ .Values.enterpriseGateway.service.port | default (include "tempo.serverHttpListenPort" . ) }} protocol: TCP diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 1a5c825f50..2720dc418b 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -2009,10 +2009,18 @@ enterpriseGateway: annotations: {} service: + # -- Port of the enterprise gateway service; if left undefined, the service will listen on the same port as the pod + port: null + # -- Type of the enterprise gateway service + type: ClusterIP + # -- ClusterIP of the enterprise gateway service + clusterIP: null + # -- Load balancer IPO address if service type is LoadBalancer for enterprise gateway service + loadBalancerIP: null + # -- Annotations for the enterprise gateway service annotations: {} + # -- Labels for enterprise gateway service labels: {} - # -- If the port is left undefined, the service will listen on the same port as the pod - port: null strategy: type: RollingUpdate From 5b6794a6647f8714155c9e22829d78feff7dfc32 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Tue, 2 Apr 2024 12:13:54 +1100 Subject: [PATCH 184/211] fixing imagePullSecrets for enterprise components Signed-off-by: Jordan Simonovski --- .../templates/admin-api/_helpers.tpl | 7 +++++++ .../templates/admin-api/admin-api-dep.yaml | 7 +------ .../templates/enterprise-gateway/_helpers.tpl | 8 ++++++++ .../enterprise-gateway/gateway-dep.yaml | 7 +------ charts/tempo-distributed/values.yaml | 20 +++++++++++++++++++ 5 files changed, 37 insertions(+), 12 deletions(-) create mode 100644 charts/tempo-distributed/templates/admin-api/_helpers.tpl diff --git a/charts/tempo-distributed/templates/admin-api/_helpers.tpl b/charts/tempo-distributed/templates/admin-api/_helpers.tpl new file mode 100644 index 0000000000..0400e2aabd --- /dev/null +++ b/charts/tempo-distributed/templates/admin-api/_helpers.tpl @@ -0,0 +1,7 @@ +{{/* +adminApi imagePullSecrets +*/}} +{{- define "tempo.adminApiImagePullSecrets" -}} +{{- $dict := dict "tempo" .Values.tempo.image "component" .Values.adminApi.image "global" .Values.global.image -}} +{{- include "tempo.adminApiImagePullSecrets" $dict -}} +{{- end }} diff --git a/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml b/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml index 469417a506..ae0d733c33 100644 --- a/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml +++ b/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml @@ -37,12 +37,7 @@ spec: {{- with .Values.adminApi.initContainers }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.tempo.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} + {{- include "tempo.adminApiImagePullSecrets" . | nindent 6 -}} {{- with .Values.adminApi.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} diff --git a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl index 2b25560845..8205976c09 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl +++ b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl @@ -31,3 +31,11 @@ Return if ingress supports pathType. {{- define "tempo.ingress.supportsPathType" -}} {{- or (eq (include "tempo.ingress.isStable" .) "true") (and (eq (include "tempo.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} {{- end -}} + +{{/* +enterpriseGateway imagePullSecrets +*/}} +{{- define "tempo.enterpriseGatewayImagePullSecrets" -}} +{{- $dict := dict "tempo" .Values.tempo.image "component" .Values.enterpriseGateway.image "global" .Values.global.image -}} +{{- include "tempo.enterpriseGatewayImagePullSecrets" $dict -}} +{{- end }} diff --git a/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml b/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml index 011322ddfc..0da57a1548 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml +++ b/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml @@ -35,12 +35,7 @@ spec: {{- toYaml .Values.enterpriseGateway.securityContext | nindent 8 }} initContainers: {{- toYaml .Values.enterpriseGateway.initContainers | nindent 8 }} - {{- if .Values.tempo.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} + {{- include "tempo.enterpriseGatewayImagePullSecrets" . | nindent 6 -}} {{- with .Values.enterpriseGateway.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 1a5c825f50..f3b080decd 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1920,6 +1920,16 @@ adminApi: annotations: {} labels: {} + image: + # -- The Docker registry for the adminApi image. Overrides `tempo.image.registry` + registry: null + # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` + pullSecrets: [] + # -- Docker image repository for the adminApi image. Overrides `tempo.image.repository` + repository: null + # -- Docker image tag for the adminApi image. Overrides `tempo.image.tag` + tag: null + initContainers: [] strategy: @@ -2007,6 +2017,16 @@ enterpriseGateway: # hostnames: # - domain.tld + image: + # -- The Docker registry for the enterpriseGateway image. Overrides `tempo.image.registry` + registry: null + # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` + pullSecrets: [] + # -- Docker image repository for the enterpriseGateway image. Overrides `tempo.image.repository` + repository: null + # -- Docker image tag for the enterpriseGateway image. Overrides `tempo.image.tag` + tag: null + annotations: {} service: annotations: {} From 0d12d217a9cd55c51d75b7aa17c6a193f15655ca Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 3 Apr 2024 11:36:52 +1100 Subject: [PATCH 185/211] Ran helm-docs on tempo-distributed The config overrides from the values.yml need to be added to the README.md to ensure up-to-date documentation for charts. Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 02f86079f6..66360c152b 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -223,6 +223,10 @@ The memcached default args are removed and should be provided manually. The sett | adminApi.extraVolumeMounts | list | `[]` | | | adminApi.extraVolumes | list | `[]` | | | adminApi.hostAliases | list | `[]` | hostAliases to add | +| adminApi.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` | +| adminApi.image.registry | string | `nil` | The Docker registry for the adminApi image. Overrides `tempo.image.registry` | +| adminApi.image.repository | string | `nil` | Docker image repository for the adminApi image. Overrides `tempo.image.repository` | +| adminApi.image.tag | string | `nil` | Docker image tag for the adminApi image. Overrides `tempo.image.tag` | | adminApi.initContainers | list | `[]` | | | adminApi.nodeSelector | object | `{}` | | | adminApi.persistence.subPath | string | `nil` | | @@ -369,6 +373,10 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.extraVolumeMounts | list | `[]` | | | enterpriseGateway.extraVolumes | list | `[]` | | | enterpriseGateway.hostAliases | list | `[]` | hostAliases to add | +| enterpriseGateway.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` | +| enterpriseGateway.image.registry | string | `nil` | The Docker registry for the enterpriseGateway image. Overrides `tempo.image.registry` | +| enterpriseGateway.image.repository | string | `nil` | Docker image repository for the enterpriseGateway image. Overrides `tempo.image.repository` | +| enterpriseGateway.image.tag | string | `nil` | Docker image tag for the enterpriseGateway image. Overrides `tempo.image.tag` | | enterpriseGateway.ingress.annotations | object | `{}` | Annotations for the gateway ingress | | enterpriseGateway.ingress.enabled | bool | `false` | Specifies whether an ingress for the gateway should be created | | enterpriseGateway.ingress.hosts | list | `[{"host":"gateway.gem.example.com","paths":[{"path":"/"}]}]` | Hosts configuration for the gateway ingress | From c24f8cb67a6c25945bf339e5eb007bd7d934cac0 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 3 Apr 2024 11:40:34 +1100 Subject: [PATCH 186/211] updating version in chart.yaml Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index ebf70e588a..41429d7631 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.1 +version: 1.9.2 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From d739d7e412d7da26eb4039353fb6fc9e0fc1dfd7 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 17 Apr 2024 19:34:56 +1000 Subject: [PATCH 187/211] Update README and chart to match recent patch bump Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 41429d7631..4153f810d7 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.2 +version: 1.9.3 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 66360c152b..d04e83c501 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 7eb35238fff33a59812f9ad629d271a8439a5d05 Mon Sep 17 00:00:00 2001 From: Guilhem Lettron Date: Mon, 25 Mar 2024 11:26:08 +0100 Subject: [PATCH 188/211] fix: lookup volumename on pvc This fix upgrade problem where helm try to override immutable field Signed-off-by: Guilhem Lettron --- charts/grafana/templates/pvc.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/grafana/templates/pvc.yaml b/charts/grafana/templates/pvc.yaml index eb8f87f077..c0edad2c46 100644 --- a/charts/grafana/templates/pvc.yaml +++ b/charts/grafana/templates/pvc.yaml @@ -25,6 +25,9 @@ spec: resources: requests: storage: {{ .Values.persistence.size | quote }} + {{- if (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }} + volumeName: {{ (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)).spec.volumeName }} + {{- end }} {{- with .Values.persistence.storageClassName }} storageClassName: {{ . }} {{- end }} From 2a8391839c6c436ed5f7d820643d7225784420c1 Mon Sep 17 00:00:00 2001 From: Guilhem Lettron Date: Sun, 31 Mar 2024 12:13:09 +0200 Subject: [PATCH 189/211] chore: bump Chart version Signed-off-by: Guilhem Lettron --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 167bdf17a8..efd3bd081c 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.8 +version: 7.3.9 appVersion: 10.4.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 2db1a252b6d00e6da58d3119a3ee1cd6c8aef235 Mon Sep 17 00:00:00 2001 From: Robert Lankford Date: Wed, 17 Apr 2024 15:18:39 -0700 Subject: [PATCH 190/211] [grafana-sampling] fix property case for enabling metrics gen (#3087) * [sampling] fix property case for enabling metrics gen n Signed-off-by: Robbie Lankford * bump version; run helm-docs Signed-off-by: Robbie Lankford --------- Signed-off-by: Robbie Lankford --- charts/grafana-sampling/Chart.yaml | 2 +- charts/grafana-sampling/README.md | 2 +- .../templates/_otelcol_processor_batch.river.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/grafana-sampling/Chart.yaml b/charts/grafana-sampling/Chart.yaml index 44e076b128..a5b985588b 100644 --- a/charts/grafana-sampling/Chart.yaml +++ b/charts/grafana-sampling/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: grafana-sampling description: A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. type: application -version: 0.1.0 +version: 0.1.1 appVersion: "v0.40.2" sources: - https://github.com/grafana/agent diff --git a/charts/grafana-sampling/README.md b/charts/grafana-sampling/README.md index 6ad9785b72..0c10e0ec84 100644 --- a/charts/grafana-sampling/README.md +++ b/charts/grafana-sampling/README.md @@ -1,6 +1,6 @@ # grafana-sampling -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.40.2](https://img.shields.io/badge/AppVersion-v0.40.2-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.40.2](https://img.shields.io/badge/AppVersion-v0.40.2-informational?style=flat-square) A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. diff --git a/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt index 4c1f6b58cb..25fb2ef497 100644 --- a/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt +++ b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt @@ -12,7 +12,7 @@ otelcol.processor.batch "default" { otelcol.processor.batch "default" { // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.batch/ output { - {{ if .Values.metricsGeneration.Enabled }} + {{ if .Values.metricsGeneration.enabled }} metrics = [otelcol.exporter.prometheus.grafana_cloud_prometheus.input] {{ end }} traces = [otelcol.exporter.otlp.grafana_cloud_tempo.input] From 12b2e5099dad30753653fe286751e15bb4ab3dc8 Mon Sep 17 00:00:00 2001 From: Zach Leslie Date: Thu, 11 Apr 2024 13:31:41 +0000 Subject: [PATCH 191/211] [tempo-distributed] add initContainers to generator and ingester sts for future UID change Signed-off-by: Zach Leslie --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 4 +++- .../templates/ingester/statefulset-ingester.yaml | 2 ++ .../metrics-generator/statefulset-metrics-generator.yaml | 2 ++ charts/tempo-distributed/values.yaml | 2 ++ 5 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 41429d7631..4153f810d7 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.2 +version: 1.9.3 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index babba59334..2b574bd5bd 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -494,6 +494,7 @@ The memcached default args are removed and should be provided manually. The sett | ingester.image.registry | string | `nil` | The Docker registry for the ingester image. Overrides `tempo.image.registry` | | ingester.image.repository | string | `nil` | Docker image repository for the ingester image. Overrides `tempo.image.repository` | | ingester.image.tag | string | `nil` | Docker image tag for the ingester image. Overrides `tempo.image.tag` | +| ingester.initContainers | list | `[]` | | | ingester.nodeSelector | object | `{}` | Node selector for ingester pods | | ingester.persistence.annotations | object | `{}` | Annotations for ingester's persist volume claim | | ingester.persistence.enabled | bool | `false` | Enable creating PVCs which is required when using boltdb-shipper | @@ -591,6 +592,7 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.image.registry | string | `nil` | The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` | | metricsGenerator.image.repository | string | `nil` | Docker image repository for the metrics-generator image. Overrides `tempo.image.repository` | | metricsGenerator.image.tag | string | `nil` | Docker image tag for the metrics-generator image. Overrides `tempo.image.tag` | +| metricsGenerator.initContainers | list | `[]` | | | metricsGenerator.kind | string | `"Deployment"` | Kind of deployment [StatefulSet/Deployment] | | metricsGenerator.nodeSelector | object | `{}` | Node selector for metrics-generator pods | | metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | diff --git a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml index 79abf99e9c..de84ca588b 100644 --- a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml +++ b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.ingester.initContainers | nindent 8 }} containers: - args: - -target=ingester diff --git a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml index 286e68c37e..02e330eda6 100644 --- a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml +++ b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.metricsGenerator.initContainers | nindent 8 }} containers: - args: - -target=metrics-generator diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 2720dc418b..277070988c 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -112,6 +112,7 @@ ingester: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] autoscaling: # -- Enable autoscaling for the ingester. WARNING: Autoscaling ingesters can result in lost data. Only do this if you know what you're doing. enabled: false @@ -239,6 +240,7 @@ metricsGenerator: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] image: # -- The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` registry: null From 24b1b912982860cf1de241cbb53776647db9d02d Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Fri, 19 Apr 2024 12:24:59 +1000 Subject: [PATCH 192/211] Adding image pull secrets support to tokengenJob Adding standardised imagepullsecrets support to tokengenJob Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 6 +++++- .../tempo-distributed/templates/admin-api/_helpers.tpl | 2 +- .../templates/enterprise-gateway/_helpers.tpl | 2 +- .../tempo-distributed/templates/tokengen/__helpers.tpl | 7 +++++++ .../templates/tokengen/tokengen-job.yaml | 7 +------ charts/tempo-distributed/values.yaml | 9 +++++++++ 6 files changed, 24 insertions(+), 9 deletions(-) create mode 100644 charts/tempo-distributed/templates/tokengen/__helpers.tpl diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index d04e83c501..876059ccfe 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -780,6 +780,10 @@ The memcached default args are removed and should be provided manually. The sett | tokengenJob.extraArgs | object | `{}` | | | tokengenJob.extraEnvFrom | list | `[]` | | | tokengenJob.hostAliases | list | `[]` | hostAliases to add | +| tokengenJob.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` | +| tokengenJob.image.registry | string | `nil` | The Docker registry for the tokengenJob image. Overrides `tempo.image.registry` | +| tokengenJob.image.repository | string | `nil` | Docker image repository for the tokengenJob image. Overrides `tempo.image.repository` | +| tokengenJob.image.tag | string | `nil` | Docker image tag for the tokengenJob image. Overrides `tempo.image.tag` | | tokengenJob.initContainers | list | `[]` | | | traces.jaeger.grpc.enabled | bool | `false` | Enable Tempo to ingest Jaeger GRPC traces | | traces.jaeger.grpc.receiverConfig | object | `{}` | Jaeger GRPC receiver config | diff --git a/charts/tempo-distributed/templates/admin-api/_helpers.tpl b/charts/tempo-distributed/templates/admin-api/_helpers.tpl index 0400e2aabd..3b72a6633d 100644 --- a/charts/tempo-distributed/templates/admin-api/_helpers.tpl +++ b/charts/tempo-distributed/templates/admin-api/_helpers.tpl @@ -3,5 +3,5 @@ adminApi imagePullSecrets */}} {{- define "tempo.adminApiImagePullSecrets" -}} {{- $dict := dict "tempo" .Values.tempo.image "component" .Values.adminApi.image "global" .Values.global.image -}} -{{- include "tempo.adminApiImagePullSecrets" $dict -}} +{{- include "tempo.imagePullSecrets" $dict -}} {{- end }} diff --git a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl index 8205976c09..cb030eee62 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl +++ b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl @@ -37,5 +37,5 @@ enterpriseGateway imagePullSecrets */}} {{- define "tempo.enterpriseGatewayImagePullSecrets" -}} {{- $dict := dict "tempo" .Values.tempo.image "component" .Values.enterpriseGateway.image "global" .Values.global.image -}} -{{- include "tempo.enterpriseGatewayImagePullSecrets" $dict -}} +{{- include "tempo.imagePullSecrets" $dict -}} {{- end }} diff --git a/charts/tempo-distributed/templates/tokengen/__helpers.tpl b/charts/tempo-distributed/templates/tokengen/__helpers.tpl new file mode 100644 index 0000000000..f23d971c38 --- /dev/null +++ b/charts/tempo-distributed/templates/tokengen/__helpers.tpl @@ -0,0 +1,7 @@ +{{/* +tokengen-job imagePullSecrets +*/}} +{{- define "tempo.tokengenJobImagePullSecrets" -}} +{{- $dict := dict "tempo" .Values.tempo.image "component" .Values.tokengenJob.image "global" .Values.global.image -}} +{{- include "tempo.imagePullSecrets" $dict -}} +{{- end }} diff --git a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml index b73c699031..c516237ab5 100644 --- a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml +++ b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml @@ -33,12 +33,7 @@ spec: {{- end }} securityContext: {{- toYaml .Values.tokengenJob.securityContext | nindent 8 }} - {{- if .Values.tempo.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.tempo.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} + {{- include "tempo.tokengenJobImagePullSecrets" . | nindent 6 -}} {{- with .Values.tokengenJob.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index f3b080decd..5ad5a5faa8 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1900,6 +1900,15 @@ tokengenJob: env: [] extraEnvFrom: [] annotations: {} + image: + # -- The Docker registry for the tokengenJob image. Overrides `tempo.image.registry` + registry: null + # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` + pullSecrets: [] + # -- Docker image repository for the tokengenJob image. Overrides `tempo.image.repository` + repository: null + # -- Docker image tag for the tokengenJob image. Overrides `tempo.image.tag` + tag: null initContainers: [] # -- The SecurityContext for tokenjobgen containers containerSecurityContext: From 3acbc5d03830bf750808d58966f9a38656fcb978 Mon Sep 17 00:00:00 2001 From: Gritzko Daniel Kleiner Date: Fri, 19 Apr 2024 10:30:46 -0300 Subject: [PATCH 193/211] bumb chart version Signed-off-by: Gritzko Daniel Kleiner --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index efd3bd081c..167bdf17a8 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.9 +version: 7.3.8 appVersion: 10.4.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 6db205c65da69139b3740a215394f8c98e1b4eb5 Mon Sep 17 00:00:00 2001 From: Gritzko Daniel Kleiner Date: Fri, 19 Apr 2024 10:31:29 -0300 Subject: [PATCH 194/211] fix: chart bumb Signed-off-by: Gritzko Daniel Kleiner --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 167bdf17a8..3e9fcac6f2 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.8 +version: 7.3.10 appVersion: 10.4.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From c38312a69a8b891638c796965a96b015a5936f45 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Sun, 21 Apr 2024 12:48:14 +1000 Subject: [PATCH 195/211] version bump to 1.9.4 Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 4153f810d7..f80191dac5 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.3 +version: 1.9.4 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 5feec2a1e5..a4bbdc85b7 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From ff0df54487dd598e9b3b9735f5afe7a887f10d8f Mon Sep 17 00:00:00 2001 From: Zach Leslie Date: Thu, 11 Apr 2024 13:31:41 +0000 Subject: [PATCH 196/211] [tempo-distributed] add initContainers to generator and ingester sts for future UID change Signed-off-by: Zach Leslie --- charts/tempo-distributed/README.md | 4 +++- .../templates/ingester/statefulset-ingester.yaml | 2 ++ .../metrics-generator/statefulset-metrics-generator.yaml | 2 ++ charts/tempo-distributed/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index a4bbdc85b7..e06a21e4a7 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -502,6 +502,7 @@ The memcached default args are removed and should be provided manually. The sett | ingester.image.registry | string | `nil` | The Docker registry for the ingester image. Overrides `tempo.image.registry` | | ingester.image.repository | string | `nil` | Docker image repository for the ingester image. Overrides `tempo.image.repository` | | ingester.image.tag | string | `nil` | Docker image tag for the ingester image. Overrides `tempo.image.tag` | +| ingester.initContainers | list | `[]` | | | ingester.nodeSelector | object | `{}` | Node selector for ingester pods | | ingester.persistence.annotations | object | `{}` | Annotations for ingester's persist volume claim | | ingester.persistence.enabled | bool | `false` | Enable creating PVCs which is required when using boltdb-shipper | @@ -599,6 +600,7 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.image.registry | string | `nil` | The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` | | metricsGenerator.image.repository | string | `nil` | Docker image repository for the metrics-generator image. Overrides `tempo.image.repository` | | metricsGenerator.image.tag | string | `nil` | Docker image tag for the metrics-generator image. Overrides `tempo.image.tag` | +| metricsGenerator.initContainers | list | `[]` | | | metricsGenerator.kind | string | `"Deployment"` | Kind of deployment [StatefulSet/Deployment] | | metricsGenerator.nodeSelector | object | `{}` | Node selector for metrics-generator pods | | metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | diff --git a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml index 79abf99e9c..de84ca588b 100644 --- a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml +++ b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.ingester.initContainers | nindent 8 }} containers: - args: - -target=ingester diff --git a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml index 286e68c37e..02e330eda6 100644 --- a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml +++ b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.metricsGenerator.initContainers | nindent 8 }} containers: - args: - -target=metrics-generator diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 5fb7e4290d..f3126609c2 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -112,6 +112,7 @@ ingester: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] autoscaling: # -- Enable autoscaling for the ingester. WARNING: Autoscaling ingesters can result in lost data. Only do this if you know what you're doing. enabled: false @@ -239,6 +240,7 @@ metricsGenerator: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] image: # -- The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` registry: null From 70ee8298947aa0b18027fac302ecbcbe8f822db4 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 17 Apr 2024 19:34:56 +1000 Subject: [PATCH 197/211] Update README and chart to match recent patch bump Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index e06a21e4a7..73cfa4ae95 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From e9237f7060c7be4e04f5e5427cdf61db8ee76a64 Mon Sep 17 00:00:00 2001 From: George Krajcsovits Date: Mon, 22 Apr 2024 15:57:42 +0200 Subject: [PATCH 198/211] Rewrite deprecated set-output calls in update-helm-repo.yaml (#3095) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ Signed-off-by: György Krajcsovits --- .github/workflows/update-helm-repo.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/update-helm-repo.yaml b/.github/workflows/update-helm-repo.yaml index 8382c1f231..883f675808 100644 --- a/.github/workflows/update-helm-repo.yaml +++ b/.github/workflows/update-helm-repo.yaml @@ -79,15 +79,15 @@ jobs: if [ $(git tag -l "${name}-${version}") ]; then echo "Tag ${tagname} already exists, skipping release" - echo "::set-output name=changed::false" + echo "changed=false" >> $GITHUB_OUTPUT else echo "Releasing ${changed}" - echo "::set-output name=changed::true" - echo "::set-output name=chartpath::${changed}" + echo "changed=true" >> $GITHUB_OUTPUT + echo "chartpath=${changed}" >> $GITHUB_OUTPUT fi else echo "No charts have changed, skipping release" - echo "::set-output name=changed::false" + echo "changed=false" >> $GITHUB_OUTPUT fi release: @@ -166,14 +166,14 @@ jobs: description=$(yq ".description" < ${changed}/Chart.yaml) name=$(yq ".name" < ${changed}/Chart.yaml) version=$(yq ".version" < ${changed}/Chart.yaml) - echo "::set-output name=chartpath::${changed}" - echo "::set-output name=desc::${description}" + echo "chartpath=${changed}" >> $GITHUB_OUTPUT + echo "desc=${description}" >> $GITHUB_OUTPUT if [[ -n "${HELM_TAG_PREFIX}" ]]; then - echo "::set-output name=tagname::${HELM_TAG_PREFIX}-${name}-${version}" + echo "tagname=${HELM_TAG_PREFIX}-${name}-${version}" >> $GITHUB_OUTPUT else - echo "::set-output name=tagname::${name}-${version}" + echo "tagname=${name}-${version}" >> $GITHUB_OUTPUT fi - echo "::set-output name=packagename::${name}-${version}" + echo "packagename=${name}-${version}" >> $GITHUB_OUTPUT - name: Install CR tool run: | From b190f33a8cb2fe84bb84e3b266b92008e52497c9 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Tue, 23 Apr 2024 07:44:59 +1000 Subject: [PATCH 199/211] fixed up README version Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index e06a21e4a7..ad6947fced 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.4](https://img.shields.io/badge/Version-1.94-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 3387fc538bf75cbf0c353f8c5969048db596d858 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Tue, 23 Apr 2024 08:28:42 +1000 Subject: [PATCH 200/211] fixed up README version Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index ad6947fced..7418d0a137 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.4](https://img.shields.io/badge/Version-1.94-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 3f4a3d5efe50be832fa7c14ce132ab3b4cd0cf36 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 1 May 2024 20:50:05 +0800 Subject: [PATCH 201/211] Update README.md --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 7418d0a137..c74b45a53f 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.5](https://img.shields.io/badge/Version-1.9.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From bcc6ecfdd933b4801bae6beff1568097c87f6fcf Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Fri, 3 May 2024 15:35:34 +1000 Subject: [PATCH 202/211] fix invalid selector configuration for tokengenjob Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- charts/tempo-distributed/templates/tokengen/tokengen-job.yaml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 81d86e75fc..92117a4c59 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.5 +version: 1.9.6 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index c74b45a53f..395f3f5d8c 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.5](https://img.shields.io/badge/Version-1.9.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.6](https://img.shields.io/badge/Version-1.9.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode diff --git a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml index c516237ab5..8e727e9d57 100644 --- a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml +++ b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml @@ -18,6 +18,8 @@ spec: completions: 1 parallelism: 1 selector: + matchLabels: + {{- include "tempo.selectorLabels" $dict | nindent 6 }} template: metadata: labels: From 3fbc19b1499c7ac180b9949f14fb015a5ee58327 Mon Sep 17 00:00:00 2001 From: Vladimir Varankin Date: Fri, 3 May 2024 13:01:17 +0200 Subject: [PATCH 203/211] don't hardcode helm charts dependencies Signed-off-by: Vladimir Varankin --- .github/workflows/update-helm-repo.yaml | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/update-helm-repo.yaml b/.github/workflows/update-helm-repo.yaml index 883f675808..afc937ae24 100644 --- a/.github/workflows/update-helm-repo.yaml +++ b/.github/workflows/update-helm-repo.yaml @@ -145,19 +145,6 @@ jobs: with: version: v3.5.2 - - name: Add dependency chart repos - # Todo replace this by https://github.com/grafana/helm-charts/issues/1534 - run: | - helm repo add elastic https://helm.elastic.co - helm repo add grafana https://grafana.github.io/helm-charts - helm repo add prometheus https://prometheus-community.github.io/helm-charts - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add bitnami-pre-2022 https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami - helm repo add hashicorp https://helm.releases.hashicorp.com - helm repo add minio-new https://charts.min.io - helm repo add jetstack https://charts.jetstack.io - helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx - - name: Parse Chart.yaml id: parse-chart run: | @@ -175,6 +162,18 @@ jobs: fi echo "packagename=${name}-${version}" >> $GITHUB_OUTPUT + - name: Add dependency chart repos + run: | + cd source + # Skip the header line and make sure that tabs are expanded into spaces + deps=$(helm dependency list "${{ steps.parse-chart.outputs.chartpath }}" | tail +2 | expand) + while read -r row; do + IFS=' ' read -ra parts <<< "$row" + name="${parts[0]}" + repo="${parts[2]}" + helm repo add "$name" "$repo" + done <<< "$deps" + - name: Install CR tool run: | mkdir "${CR_TOOL_PATH}" From 90ed5301175ff0714070587d1e6c8d91eb166ad4 Mon Sep 17 00:00:00 2001 From: Joe Elliott Date: Fri, 3 May 2024 14:38:22 -0400 Subject: [PATCH 204/211] remove example name Signed-off-by: Joe Elliott --- charts/tempo-distributed/README.md | 2 +- charts/tempo-distributed/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 395f3f5d8c..05928f27b1 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -924,7 +924,7 @@ config: | backend: s3 s3: access_key: tempo - bucket: tempo + bucket: endpoint: minio:9000 insecure: true secret_key: supersecret diff --git a/charts/tempo-distributed/README.md.gotmpl b/charts/tempo-distributed/README.md.gotmpl index 72219e0359..446c654362 100644 --- a/charts/tempo-distributed/README.md.gotmpl +++ b/charts/tempo-distributed/README.md.gotmpl @@ -323,7 +323,7 @@ config: | backend: s3 s3: access_key: tempo - bucket: tempo + bucket: endpoint: minio:9000 insecure: true secret_key: supersecret From 2f5503153ec965c2a5796f4e41e17e4f672e153b Mon Sep 17 00:00:00 2001 From: Joe Elliott Date: Fri, 3 May 2024 14:39:22 -0400 Subject: [PATCH 205/211] remove bucket from comment Signed-off-by: Joe Elliott --- charts/tempo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo/values.yaml b/charts/tempo/values.yaml index e0a521d8e3..f19418fb52 100644 --- a/charts/tempo/values.yaml +++ b/charts/tempo/values.yaml @@ -66,7 +66,7 @@ tempo: # backend: s3 # store traces in s3 # s3: - # bucket: tempo # store traces in this bucket + # bucket: # store traces in this bucket # endpoint: s3.dualstack.us-east-2.amazonaws.com # api endpoint # access_key: ... # optional. access key when using static credentials. # secret_key: ... # optional. secret key when using static credentials. From 8fe010ce1b5a9eabfb0c9e8a133eb604aa581a24 Mon Sep 17 00:00:00 2001 From: Joe Elliott Date: Mon, 6 May 2024 08:07:12 -0400 Subject: [PATCH 206/211] bump version Signed-off-by: Joe Elliott --- charts/tempo/Chart.yaml | 2 +- charts/tempo/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo/Chart.yaml b/charts/tempo/Chart.yaml index 104e2126c5..5dfa24f2e6 100644 --- a/charts/tempo/Chart.yaml +++ b/charts/tempo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo description: Grafana Tempo Single Binary Mode type: application -version: 1.7.2 +version: 1.7.3 appVersion: 2.3.1 engine: gotpl home: https://grafana.net diff --git a/charts/tempo/README.md b/charts/tempo/README.md index 9e61f7a23b..07321130fd 100644 --- a/charts/tempo/README.md +++ b/charts/tempo/README.md @@ -1,6 +1,6 @@ # tempo -![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.7.3](https://img.shields.io/badge/Version-1.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo Single Binary Mode From 8fb506d31a56f1fcc1435f48853629e790782cd8 Mon Sep 17 00:00:00 2001 From: Joe Elliott Date: Mon, 6 May 2024 08:10:21 -0400 Subject: [PATCH 207/211] bump version Signed-off-by: Joe Elliott --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 92117a4c59..8d1c64ddf0 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.6 +version: 1.9.7 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 05928f27b1..6c1a911e22 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.6](https://img.shields.io/badge/Version-1.9.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.7](https://img.shields.io/badge/Version-1.9.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From fc1997e6494736b42e3c6559e361b7f3ac29e4c8 Mon Sep 17 00:00:00 2001 From: Vladimir Varankin Date: Tue, 7 May 2024 14:45:41 +0200 Subject: [PATCH 208/211] skip repository with unsupported schemas Signed-off-by: Vladimir Varankin --- .github/workflows/update-helm-repo.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-helm-repo.yaml b/.github/workflows/update-helm-repo.yaml index afc937ae24..5716b07eb5 100644 --- a/.github/workflows/update-helm-repo.yaml +++ b/.github/workflows/update-helm-repo.yaml @@ -171,7 +171,10 @@ jobs: IFS=' ' read -ra parts <<< "$row" name="${parts[0]}" repo="${parts[2]}" - helm repo add "$name" "$repo" + case "$repo" in + "https://"*) helm repo add "$name" "$repo" ;; + *) echo >&2 "Skipping dependency $name: unsupported schema for \"$repo\"" ;; + esac done <<< "$deps" - name: Install CR tool From 462862e137b7799034421cf1fcd87fd616ed3346 Mon Sep 17 00:00:00 2001 From: Benjamin Martensson Date: Tue, 7 May 2024 10:07:22 -0300 Subject: [PATCH 209/211] [tempo-distributed] fixed broken gateway path Fixes braking change introduced in PR #2729. Signed-off-by: Benjamin Martensson --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- charts/tempo-distributed/values.yaml | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 8d1c64ddf0..832b0de0c1 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.7 +version: 1.9.8 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 6c1a911e22..1c998ee940 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.7](https://img.shields.io/badge/Version-1.9.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.8](https://img.shields.io/badge/Version-1.9.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index f3126609c2..d47c76db75 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1836,6 +1836,10 @@ gateway: proxy_pass http://{{ include "tempo.resourceName" (dict "ctx" . "component" "distributor") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:4318/v1/traces; } + location = /otlp/v1/traces { + proxy_pass http://{{ include "tempo.resourceName" (dict "ctx" . "component" "distributor") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:4318/v1/traces; + } + location ^~ /api { proxy_pass http://{{ include "tempo.resourceName" (dict "ctx" . "component" "query-frontend") }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }}:3100$request_uri; } From 8cb815afa9ff9b9ab21b9789cbae23ec88704eb1 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Mon, 6 May 2024 11:38:05 +1000 Subject: [PATCH 210/211] The Selector should not be manually specified unless otherwise configured in spec. Removing the selector altogether ensures the job configuration is valid, while also allowing for templating without null values causing errors Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- charts/tempo-distributed/templates/tokengen/tokengen-job.yaml | 3 --- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 832b0de0c1..4cd2f6cd74 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.8 +version: 1.9.9 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 1c998ee940..7e3f743496 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.8](https://img.shields.io/badge/Version-1.9.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.9](https://img.shields.io/badge/Version-1.9.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode diff --git a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml index 8e727e9d57..0af68007c7 100644 --- a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml +++ b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml @@ -17,9 +17,6 @@ spec: backoffLimit: 6 completions: 1 parallelism: 1 - selector: - matchLabels: - {{- include "tempo.selectorLabels" $dict | nindent 6 }} template: metadata: labels: From 6eba5e9c96ca8b05290bd802886d0d356599d3b6 Mon Sep 17 00:00:00 2001 From: MH Date: Fri, 10 May 2024 13:51:24 +0800 Subject: [PATCH 211/211] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 3e9fcac6f2..f9b619ef6c 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.10 +version: 7.3.11 appVersion: 10.4.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics.